Commit 62e94c5

Remove security considerations (moved to MSC3083).
1 parent 45bcd86 commit 62e94c5

1 file changed

+1
-24
lines changed

proposals/3173-expose-stripped-state-events.md

Lines changed: 1 addition & 24 deletions
@@ -84,7 +84,7 @@ include the following as stripped state events:
8484

8585
This also implies that the above information is available to any potential joiner
8686
in the API proposed in [MSC2946: Spaces summary](https://github.com/matrix-org/matrix-doc/pull/2946).
87-
I.e. rooms which could be joined due to [MSC3083](https://github.com/matrix-org/matrix-doc/pull/3083)
87+
E.g. rooms which could be joined due to [MSC3083](https://github.com/matrix-org/matrix-doc/pull/3083)
8888
can expose the information available in stripped state events.
8989

9090
## Potential issues
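
Review bot: on the changed line 87, "E.g." now presents MSC3083 as one example of how a room becomes joinable, but the sentence still reads as a fragment, and "can expose" leaves it unclear whether a server may or must return the stripped state to such a joiner. Suggest writing it out, for instance "For example, rooms which could be joined due to MSC3083 can expose ...", and stating whether that exposure is optional, since this is the paragraph where the proposal says the information is available to any potential joiner in the MSC2946 API.
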
@@ -99,29 +99,6 @@ knocking.
9999

100100
## Security considerations
101101

102-
The server-server API discussed in [MSC2946](https://github.com/matrix-org/matrix-doc/pull/2946)
103-
does not know the user who is requesting a summary of the space, but should divulge
104-
the above information if any member of a server could see it. It is up to the
105-
calling server to properly filter this information.
106-
107-
Consider that Alice and Bob share a server; Alice is a member of a space, but Bob
108-
is not. The remote server will not know whether the request is on behalf of Alice
109-
or Bob (and hence whether it should share details of private rooms within that
110-
space).
111-
112-
Trust is placed in the calling server: if there are any users on the calling
113-
server in the correct space, that calling server has a right to know about the
114-
rooms in that space and should return the relevant summaries, along with enough
115-
information that the calling server can then do some filtering.
116-
117-
(The alternative, where the calling server sends the requesting `user_id`, and
118-
the target server does the filtering, is unattractive because it rules out a
119-
future world where the calling server can cache the result.)
120-
121-
This does not decrease security since a server could lie and make a request on
122-
behalf of a user in the proper space to see the given information. I.e. the
123-
calling server must be trusted anyway.
124-
125102
## Future extensions
126103

127104
Dedicated client-server and server-server APIs could be added to request the
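
Review bot: after the removal at old lines 102-124, the "## Security considerations" heading kept as context (new line 100) is followed directly by "## Future extensions", so the section is left empty and nothing in the file says where the text went; only the commit message mentions MSC3083. Suggest leaving a one-line pointer to MSC3083 under the heading, or dropping the heading. The removed paragraphs state that the MSC2946 server-server API does not know the requesting user and that the calling server has to filter the result; the text around line 85 still says the information is available to any potential joiner through MSC2946, so a cross-reference there would keep that caveat reachable from this document.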
