Kegsay
commit
fd591f2013
11 changed files with 24 additions and 23 deletions
|
|
@ -24,7 +24,7 @@ Threat: Unrecoverable Consistency Violations
|
|||
++++++++++++++++++++++++++++++++++++++++++++
|
||||
|
||||
An attacker could send messages which created an unrecoverable "split-brain"
|
||||
state in the cluster such that the victim's servers could no longer dervive a
|
||||
state in the cluster such that the victim's servers could no longer derive a
|
||||
consistent view of the chatroom state.
|
||||
|
||||
Threat: Bad History
|
||||
|
|
@ -63,7 +63,7 @@ Spoofing
|
|||
An attacker could try to send a message claiming to be from the victim without
|
||||
the victim having sent the message in order to:
|
||||
|
||||
* Impersonate the victim while performing illict activity.
|
||||
* Impersonate the victim while performing illicit activity.
|
||||
* Obtain privileges of the victim.
|
||||
|
||||
Threat: Altering Message Contents
|
||||
|
|
@ -81,7 +81,7 @@ with a phony "origin" field.
|
|||
Spamming
|
||||
~~~~~~~~
|
||||
|
||||
The attacker could try to send a high volume of solicicted or unsolicted
|
||||
The attacker could try to send a high volume of solicited or unsolicited
|
||||
messages to the victim in order to:
|
||||
|
||||
* Find victims for scams.
|
||||
|
|
@ -322,7 +322,7 @@ including the AS token on a ``/register`` request, along with a login type of
|
|||
|
||||
Application services which attempt to create users or aliases *outside* of
|
||||
their defined namespaces will receive an error code ``M_EXCLUSIVE``. Similarly,
|
||||
normal users who attempt to create users or alises *inside* an application
|
||||
normal users who attempt to create users or aliases *inside* an application
|
||||
service-defined namespace will receive the same ``M_EXCLUSIVE`` error code,
|
||||
but only if the application service has defined the namespace as ``exclusive``.
|
||||
|
||||
|
|
@ -375,9 +375,10 @@ an API is exposed.
|
|||
Room Aliases
|
||||
++++++++++++
|
||||
We may want to expose some 3P network rooms so Matrix users can join them directly,
|
||||
e.g. IRC rooms. We don't want to expose every 3P network room though, e.g. mailto,
|
||||
tel. Rooms which are publicly accessible (e.g. IRC rooms) can be exposed as an alias by
|
||||
the application service. Private rooms (e.g. sending an email to someone) should not
|
||||
e.g. IRC rooms. We don't want to expose every 3P network room though, e.g.
|
||||
``mailto``, ``tel``. Rooms which are publicly accessible (e.g. IRC rooms) can be
|
||||
exposed as an alias by the application service. Private rooms
|
||||
(e.g. sending an email to someone) should not
|
||||
be exposed in this way, but should instead operate using normal invite/join semantics.
|
||||
Therefore, the ID conventions discussed below are only valid for public rooms which
|
||||
expose room aliases.
|
||||
|
|
@ -397,9 +398,9 @@ SHOULD be mapped in the same way as "user" URIs.
|
|||
|
||||
Event fields
|
||||
++++++++++++
|
||||
We recommend that any gatewayed events should include an ``external_url`` field
|
||||
in their content to provide a way for Matrix clients to link into the 'native'
|
||||
client from which the event originated. For instance, this could contain the
|
||||
message-ID for emails/nntp posts, or a link to a blog comment when gatewaying
|
||||
blog comment traffic in & out of matrix
|
||||
We recommend that any events that originated from a remote network should
|
||||
include an ``external_url`` field in their content to provide a way for Matrix
|
||||
clients to link into the 'native' client from which the event originated.
|
||||
For instance, this could contain the message-ID for emails/nntp posts, or a link
|
||||
to a blog comment when bridging blog comment traffic in & out of Matrix.
|
||||
|
||||
|
|
@ -630,7 +630,7 @@ because HTTP services like Matrix are often deployed behind load balancers that
|
|||
handle the TLS and these load balancers make it difficult to check TLS client
|
||||
certificates.
|
||||
|
||||
A home server may provide a TLS client certficate and the receiving home server
|
||||
A home server may provide a TLS client certificate and the receiving home server
|
||||
may check that the client certificate matches the certificate of the origin
|
||||
home server.
|
||||
|
||||
|
|
@ -1,17 +1,17 @@
|
|||
targets:
|
||||
main: # arbitrary name to identify this build target
|
||||
files: # the sort order of files to cat
|
||||
- 0-intro.rst
|
||||
- 1-client_server_api.rst
|
||||
- { 1: 0-events.rst }
|
||||
- { 1: 0-event_signing.rst }
|
||||
- 2-modules.rst
|
||||
- { 1: 0-feature_profiles.rst }
|
||||
- intro.rst
|
||||
- client_server_api.rst
|
||||
- { 1: events.rst }
|
||||
- { 1: event_signing.rst }
|
||||
- modules.rst
|
||||
- { 1: feature_profiles.rst }
|
||||
- { 1: "group:modules" } # reference a group of files
|
||||
- 3-application_service_api.rst
|
||||
- 4-server_server_api.rst
|
||||
- 5-identity_servers.rst
|
||||
- 6-appendices.rst
|
||||
- application_service_api.rst
|
||||
- server_server_api.rst
|
||||
- identity_servers.rst
|
||||
- appendices.rst
|
||||
groups: # reusable blobs of files when prefixed with 'group:'
|
||||
modules:
|
||||
- modules/instant_messaging.rst
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue