Construct uses POST /query instead of GET /server for fetching server keys #164
Comments
Construct stopped making use of GET /_matrix/key/v2/server/{keyId} earlier this year. There may be some more to research starting from matrix-org/synapse#6596 which was around the time Construct encountered trouble and made the change. Some of the issues with
The I would prefer to be accommodating here rather than incompatible, though I contend that neither of them would do the same. The point has to be written out explicitly just so it's not lost on anyone: the burden is on them to implement the spec. The burden of compatibility and the effort toward accommodation should not be a step backward for Construct, or anyone. They should step forward. The simplest, cheapest, mutually beneficial solution here is for them to partially implement the query endpoint so it responds to their own server name. That's pretty low effort, and it allows them to stop using the inferior endpoint so it can be feasible to deprecate it.
You're stating a fact, yes. It doesn't trust the adversary for the keys which defend against the adversary. Fact. Stated. Taken.
Also, keys can be obtained indirectly with the
And to dendrite as well: matrix-org/dendrite#1435
When fetching the keys of other servers, Construct uses the `POST /_matrix/key/v2/query` endpoint instead of `GET /_matrix/key/v2/server/{keyId}`. The former endpoint is meant for querying the keys of multiple different servers from one trusted key server, while the latter is meant for fetching the server's own keys.

The problem is that many work-in-progress server implementations (e.g. Dendrite and Conduit) don't implement the mass query endpoint yet, which means Construct is unable to fetch their keys. Construct also doesn't use trusted key servers, which means it can't get the keys via another server either.
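An added example, not part of the original issue or any project's code: the partial implementation suggested in the comments, a handler for `POST /_matrix/key/v2/query` that answers only for the server's own name by returning the same signed object it serves from `GET /_matrix/key/v2/server`. The server name, key ID, placeholder key and signature values, and the `refresh` callback are assumptions; the request and response shapes follow the Matrix server-server key API.

```python
import copy

# Constructed sample of the signed object this server already serves from
# GET /_matrix/key/v2/server; key and signature values are placeholders.
OWN_KEYS = {
    "server_name": "hs.example.org",
    "valid_until_ts": 1_700_000_000_000,
    "verify_keys": {"ed25519:a1": {"key": "PLACEHOLDER_PUBLIC_KEY"}},
    "old_verify_keys": {},
    "signatures": {"hs.example.org": {"ed25519:a1": "PLACEHOLDER_SIGNATURE"}},
}


def handle_key_query(body, own_keys=OWN_KEYS, refresh=None):
    """Answer POST /_matrix/key/v2/query for this server's own name only.

    `refresh` is a hypothetical callback that re-signs the key object with a
    valid_until_ts of at least the requested timestamp.
    """
    requested = body.get("server_keys") if isinstance(body, dict) else None
    if not isinstance(requested, dict):
        raise ValueError("server_keys must be a JSON object")

    criteria = requested.get(own_keys["server_name"])
    if criteria is None:
        return {"server_keys": []}  # not acting as a notary for other servers
    if not isinstance(criteria, dict):
        raise ValueError("per-server criteria must be a JSON object")

    known = set(own_keys["verify_keys"]) | set(own_keys["old_verify_keys"])
    # An empty map asks for all keys; otherwise one requested id must be ours.
    if criteria and not (set(criteria) & known):
        return {"server_keys": []}

    # Highest freshness requirement placed on a key that is still current.
    needed = max(
        (c.get("minimum_valid_until_ts", 0) if isinstance(c, dict) else 0
         for kid, c in criteria.items() if kid in own_keys["verify_keys"]),
        default=0,
    )
    if needed > own_keys["valid_until_ts"]:
        if refresh is None:
            return {"server_keys": []}  # cannot satisfy; never edit signed data
        own_keys = refresh(needed)

    return {"server_keys": [copy.deepcopy(own_keys)]}
```

The returned object carries only the server's own signature, so the requester still has to verify it exactly as it would a `GET /server` response.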