Remove reliance on sender key for finding inbound group sessions
Closed, ResolvedPublicCHORE
Actions

Assigned To

Authored By

	tusooa
	Jun 23 2024, 7:18 PM

Tags

Referenced Files

None

Subscribers

Description

https://spec.matrix.org/v1.11/client-server-api/#mmegolmv1aes-sha2

As of v1.3, the sender_key and device_id keys are deprecated. They SHOULD continue to be sent, however they MUST NOT be used to verify the message’s source.

Clients MUST NOT store or lookup sessions using the sender_key or device_id.

In a future version of the specification the keys can be removed completely, including for sending new messages.

Related Objects

Mentioned In: rL69e4fb74ed3b: Do not verify sender key and sender device id for megolm events
rLc88a22ba5c4b: Remove sender key from KeyOfGroupSession
D70: Do not verify sender key and sender device id for megolm events
D69: Remove sender key from KeyOfGroupSession

Event Timeline

tusooa created this task.Jun 23 2024, 7:18 PM

tusooa claimed this task.Jun 23 2024, 7:54 PM

tusooa mentioned this in D69: Remove sender key from KeyOfGroupSession.Jun 23 2024, 7:57 PM

tusooa moved this task from Chores to Review on the the Kazv Project board.Jun 23 2024, 7:57 PM

tusooa mentioned this in D70: Do not verify sender key and sender device id for megolm events.Jun 23 2024, 9:12 PM

tusooa mentioned this in rLc88a22ba5c4b: Remove sender key from KeyOfGroupSession.Jul 3 2024, 6:34 PM

tusooa mentioned this in rL69e4fb74ed3b: Do not verify sender key and sender device id for megolm events.

tusooa closed this task as Resolved.Jul 5 2024, 9:23 AM