Skip to content

Instantly share code, notes, and snippets.

@ara4n

ara4n/msc2260bis.md

Last active August 30, 2019 15:03
Show Gist options
  • Save ara4n/0ec423e7c321acbb53eed04ceb4dd7df to your computer and use it in GitHub Desktop.
Save ara4n/0ec423e7c321acbb53eed04ceb4dd7df to your computer and use it in GitHub Desktop.
Download ZIP
Mini proposal for fixing aliases (MSC2260bis)
Raw
msc2260bis.md

Mini proposal for fixing aliases

Problem

m.room.aliases tries to be a list of possible aliases for a given room; useful for discovering alternative routes into a room (for those already in the room), and for educating users about how Matrix works by illustrating multiple aliases per room. It also helps give a perception of the size of the network (look how many people found it useful to set an alias for this room!).

However, it has problems:

  • Anyone can create aliases for rooms, which are unilaterally added to m.room.aliases and cannot be removed by the room admin, allowing abuse.
  • m.room.aliases can get out of sync if server admins remove aliases from their server, or add new ones without updating the m.room.aliases for that room.

Solution

We let users define aliases for their rooms, but empower room admins to curate the alisaes which are advertised in m.room.aliases. This means:

  • Anyone can create/delete aliases in their server's room directory (modulo any implementation-specific restrictions the server imposes)
  • If the user has the PL required to set the m.room.aliases event for the room, these aliases get added to the room's state by the server on behalf of the user. Users can only set aliases event(s) for their own server.
    • (The user could also try to set this manually and deliberately desync the event, which is considered acceptable risk. In theory the client could weed these out by refusing to display aliases which don't point to the room. In practice, we could consider malicious aliases like these to be abusive and solve this problem via moderation, as per below).
  • To moderate the alias list, admins can redact malicious aliases, or set the PL for m.room.aliases to prevent randoms publishing addresses to their rooms in the first place.
  • When an alias is deleted on the server directory, that server should remove it from the m.room.aliases event (on behalf of that user) to keep the aliases event in sync with the directory.
@richvdh
Copy link

richvdh commented Aug 30, 2019

Yes, we can do that. That's equivalent to my proposal in MSC2260, with the added constraint that room admins cannot modify the aliases for a remote homeserver. That might be sensible, but I think it's still subject to all the issues at https://github.com/matrix-org/matrix-doc/blob/4d45afd2c53ce951502df742c5b76897a193de20/proposals/2260-change-aliases-auth-rules.md#potential-issues.

@ara4n
Copy link
Author

ara4n commented Aug 30, 2019

okay. i'll try to provide my feedback on 2260 then to get us aligned

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment