Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

We need to define the validation rules applied to federation events. (SPEC-27) #463

Closed
matrixbot opened this issue Sep 30, 2014 · 2 comments
Closed

We need to define the validation rules applied to federation events. (SPEC-27) #463

matrixbot opened this issue Sep 30, 2014 · 2 comments
Labels
feature Suggestion for a significant extension which needs considerable consideration s2s Server-to-Server API (federation)

Comments

@matrixbot
Copy link
Member

My notes from talking to Mjark yesterday:

  • Rules that we apply to check whether things aren't valid. Too loose, we risk spoofing - too tight, we risk DoS (perhaps)

A main question: should you reject stuff which is included in a transaction from a server, but isn't originally from that server, and is invalid? Answer: probably. However you need to check you can't engineer a state where a malicious server encourages a legitimate server to accept an invalid message.

(Imported from https://matrix.org/jira/browse/SPEC-27)

(Reported by @ara4n)
@matrixbot
Copy link
Member Author

Jira watchers: @ara4n

@matrixbot matrixbot added the p1 label Oct 28, 2016
@matrixbot matrixbot changed the title We need to define the validation rules applied to federation events. We need to define the validation rules applied to federation events. (SPEC-27) Oct 31, 2016
@matrixbot matrixbot added the feature Suggestion for a significant extension which needs considerable consideration label Nov 7, 2016
@turt2live turt2live added the s2s Server-to-Server API (federation) label Jul 10, 2018
@turt2live turt2live self-assigned this Sep 6, 2018
@turt2live turt2live mentioned this issue Sep 6, 2018
Open
@turt2live turt2live removed their assignment Oct 16, 2018
@neilisfragile neilisfragile added r0 P2 and removed p1 labels Jan 7, 2019
@turt2live turt2live removed the r0 P2 label Jun 3, 2019
@richvdh
Copy link
Member

richvdh commented Aug 25, 2021

I think this is a dup of matrix-org/matrix-spec#365.

@richvdh richvdh closed this as completed Aug 25, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature Suggestion for a significant extension which needs considerable consideration s2s Server-to-Server API (federation)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@neilisfragile @turt2live @richvdh @matrixbot