@@ -67,8 +67,10 @@ Example flow:
67678 . Alice's device sends a ` m.key.verification.start ` message with ` method ` set
6868 to ` m.reciprocate.v1 ` to Bob (see below). The message includes the shared
6969 secret from the QR code. This signals to Bob's device that Alice has
70- scanned Bob's QR code. (This message is merely a signal for Bob's device to
71- proceed to the next step, and is not used in the actual verification.)
70+ scanned Bob's QR code.
71+
72+ This message is merely a signal for Bob's device to proceed to the next
73+ step, and is not used for verification purposes.
72749 . Upon receipt of the ` m.key.verification.start ` message, Bob's device ensures
7375 that the shared secret matches.
7476
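Review bot: The new paragraph at new lines 72-73 says the `m.key.verification.start` message "is not used for verification purposes", but step 8 states that the message carries the shared secret from the QR code, and step 9 has Bob's device ensure that the shared secret matches. A reader can take these as contradictory. Suggest saying explicitly what the step 9 check is for, in line with the existing sentence "This signals to Bob's device that Alice has scanned Bob's QR code", and reserving "not used for verification" for the keys themselves, for example: "The shared secret only confirms that Alice scanned this QR code; it is not what establishes trust in either key." Please also confirm that the blank line at new line 71 keeps the new paragraph indented as part of list item 8 so the numbering of step 9 is not reset when rendered.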
@@ -80,8 +82,23 @@ Example flow:
8082 has scanned the QR code.
818310 . Bob sees Alice's device confirm that the key matches, and presses the button
8284 on his device to indicate that Alice's key is verified.
85+
86+ Bob's verification of Alice's key hinges on Alice telling Bob the result of
87+ her scan. Since the QR code includes what Bob thinks Alice's key is,
88+ Alice's device can check whether Bob has the right key for her. Alice has
89+ no motivation to lie about the result, as getting Bob to trust an incorrect
90+ key would only affect communications between herself and Bob. Thus Alice
91+ telling Bob that the code was scanned successfully is sufficient for Bob to
92+ trust Alice's key, under the assumption that this communication is done
93+ over a trusted medium (such as in-person).
839411 . Both devices send an ` m.key.verification.done ` message.
8495
96+ This flow allows Alice to verify Bob's key, and Bob to verify Alice's key.
97+ Alice verifies Bob's key because she can trust the QR code that Bob displays
98+ for her, as this is done over a trusted medium. Bob verifies Alice's key
99+ because Alice can trust the QR code that Bob displays, and Bob can trust Alice
100+ to tell him the result of the verification.
101+
85102### Verification methods
86103
87104This proposal defines three verification methods that can be used in
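Review bot: The summary paragraph at new lines 96-100 drops the condition that the rationale under step 10 depends on. Lines 91-93 make Bob's trust in Alice's key conditional on Alice's report reaching him "over a trusted medium (such as in-person)", but the summary ends with "Bob can trust Alice to tell him the result of the verification" with no such qualifier, while it does state the trusted-medium condition for Alice's side. Suggest repeating the condition for Bob's side so the summary cannot be read as allowing the result to be relayed over an untrusted channel. Two smaller points: the argument at lines 88-90 only covers Alice deliberately lying, so it would help to say that step 10 relies on Bob seeing the confirmation on Alice's device himself; and lines 86-93 and 96-100 restate much of the same reasoning, so consider keeping the detailed argument in one place and having the other refer to it.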