Identity service should do lookups based on hashed 3PIDs, not plaintext ones. #2130
Labels
identity service
improvement
A suggestion for a relatively simple improvement to the protocol
privacy-sprint
Temporary label: privacy-related stuff
Comments
turt2live
added
identity service
improvement
|
ftr, there is a reason in the case of identity servers backed by another system, such as LDAP. The identity server might not know if a user exists based on hash (as it would be compute heavy to pull all the users from the external system and hash all their identifiers at that point in time), and therefore would need the plain text address so it can more easily do the lookup. The more general cases though should be hashed, although I question to what extent we do this. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
There is no reason for an IS to ever handle plaintext 3PIDs when doing a lookup; from a privacy perspective we should hash them.
The text was updated successfully, but these errors were encountered: