|
| 1 | +# MSC2874: Single SSSS |
| 2 | + |
| 3 | +[Secure Secret Storage and |
| 4 | +Sharing](https://github.com/matrix-org/matrix-doc/pull/1946) (SSSS) was |
| 5 | +designed to allow the user to create multiple keys that would be able to |
| 6 | +decrypt different subsets of the secrets. However, the vast majority of users |
| 7 | +do not need this feature. |
| 8 | + |
| 9 | +This proposal defines how clients should behave if they only wish to support a |
| 10 | +single key, by defining which key clients should use if multiple keys are |
| 11 | +present. It also makes the `name` field in the `m.secret_storage.key.*` events |
| 12 | +optional, as this field was mainly added to allow a user to select between |
| 13 | +different keys. |
| 14 | + |
| 15 | +## Proposal |
| 16 | + |
| 17 | +If a client wants to present a simplified interface to users by not supporting |
| 18 | +multiple SSSS keys, then the client should use the default key (the key listed |
| 19 | +in the `m.secret_storage.default_key` account data event.) If there is no |
| 20 | +default key the client may behave as if there is no SSSS key at all. When such |
| 21 | +a client creates an SSSS key, it must mark that key as being the default key. |
| 22 | + |
| 23 | +The `name` field in the `m.secret_storage.key.*` account data events is |
| 24 | +optional, rather than required. If a client wishes to display multiple keys to |
| 25 | +a user and a given key does not have a `name` field, the client may use a |
| 26 | +default name as the key's name, such as "Unnamed key", or "Default key" if the |
| 27 | +key is marked as default. |
| 28 | + |
| 29 | +For example, when a client creates a key with ID `abcdefg`, it will create an |
| 30 | +`m.secret_storage.key.abcdefg` account data event to store information about |
| 31 | +the key. It will then mark it as the default key by setting the |
| 32 | +`m.secret_storage.default_key` account data to `{"key": "abcdefg"}`. When |
| 33 | +another client logs in after this, it will see that the default key has been |
| 34 | +set, and will know to use that key as the SSSS key. |
| 35 | + |
| 36 | +## Potential issues |
| 37 | + |
| 38 | +If secrets are encrypted using a key that is not marked as default, a client |
| 39 | +might not decrypt the secrets, even if it would otherwise be able to. |
| 40 | + |
| 41 | +## Alternatives |
| 42 | + |
| 43 | +Rather than solely relying on the key marked as default, a client could guess |
| 44 | +at what key to use. For example, it could look at the secrets that it needs, |
| 45 | +see what keys they are encrypted with, and if there is only one common key, |
| 46 | +then it could use that. (This is what Element currently does.) Or if there |
| 47 | +are multiple keys, it could use some sort of heuristic to pick a key. However, |
| 48 | +this approach can be error-prone, and it is better to rely on an explicit |
| 49 | +marking. |
| 50 | + |
| 51 | +## Security considerations |
| 52 | + |
| 53 | +None |
| 54 | + |
| 55 | +## Unstable prefix |
| 56 | + |
| 57 | +An unstable prefix is not needed for a behaviour change in choosing the key to |
| 58 | +use as there are no event/endpoint changes. |
| 59 | + |
| 60 | +Some clients already omit the `name` field (notably, matrix-js-sdk |
| 61 | +unintentionally does this -- mea culpa), and this does not seem to be causing |
| 62 | +issues, so an unstable prefix seems unnecessary for this. |
0 commit comments