wholetrans/docs-matrix-spec
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #1833 from matrix-org/travis/misc/domain-security

Browse source 
Document domain reuse concerns
This commit is contained in:
Travis Ralston 2019-01-31 16:07:21 -07:00 committed by GitHub
commit fb36757869
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

10
specification/server_server_api.rst
View file

@ -1303,6 +1303,16 @@ Example code
known hash functions like SHA-256 when none of the keys have been redacted]]
Security considerations
-----------------------
When a domain's ownership changes, the new controller of the domain can masquerade
as the previous owner, receiving messages (similarly to email) and request past
messages from other servers. In the future, proposals like
`MSC1228 <https://github.com/matrix-org/matrix-doc/issues/1228>`_ will address this
issue.
.. |/query/directory| replace:: ``/query/directory``
.. _/query/directory: #get-matrix-federation-v1-query-directory