Don't use rejected auth events
This commit is contained in:
Erik Johnston
parent
b8a8d132b2
commit
a80ff2f69f
1 changed files with 7 additions and 3 deletions
|
|
@ -285,8 +285,8 @@ First we define:
|
|||
events, the auth check algorithm is applied to each event in turn. The state
|
||||
events used to auth are built up from previous events that passed the auth
|
||||
checks, starting from a base set of state. If a required auth key doesn't
|
||||
exist in the state, then the one in the event's auth_events is used. (See
|
||||
_Variations_ and _Attack Vectors_ below).
|
||||
exist in the state, then the one in the event's auth_events is used if the
|
||||
auth event is not rejected. (See _Variations_ and _Attack Vectors_ below).
|
||||
|
||||
The algorithm proceeds as follows:
|
||||
|
||||
|
|
@ -446,7 +446,7 @@ reapply the unconflicted state at the end).
|
|||
|
||||
Events that have been rejected due to failing auth based on the state at the
|
||||
event (rather than based on their auth chain) are handled as usual by the
|
||||
algorithm.
|
||||
algorithm, unless otherwise specified.
|
||||
|
||||
Note that no events rejected due to failure to auth against their auth chain
|
||||
should appear in the process, as they should not appear in state (and the
|
||||
|
|
@ -473,6 +473,10 @@ Intuitively using rejected events feels dangerous, however:
|
|||
duplicated event will pass auth. Therefore ignoring rejected events wouldn't
|
||||
reduce any potential attack vectors
|
||||
|
||||
We specifically don't use rejected auth events in the iterative auth checks, as
|
||||
in that case the auth events aren't re-authed like the rest of the events in the
|
||||
list.
|
||||
|
||||
|
||||
### Attack Vectors
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue