Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

document new key agreement method for SAS verification and deprecate old method #2687

Merged
merged 3 commits into from
Jul 23, 2020
Merged

document new key agreement method for SAS verification and deprecate old method #2687

merged 3 commits into from
Jul 23, 2020

Conversation

uhoreg
Copy link
Member

@uhoreg uhoreg commented Jul 13, 2020
edited
Loading

@uhoreg uhoreg marked this pull request as ready for review July 13, 2020 20:13
@uhoreg uhoreg requested a review from a team July 13, 2020 20:13
richvdh
richvdh approved these changes Jul 14, 2020
View reviewed changes
changelogs/client_server/newsfragments/2687.feature Outdated
@@ -0,0 +1 @@
Document new key agreement method for SAS verification, and deprecate old method (MSC2630).
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Document new key agreement method for SAS verification, and deprecate old method (MSC2630).
Document `curve25519-hkdf-sha256` key agreement method for SAS verification, and deprecate old method (MSC2630).

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

technically speaking, this is a breaking change. An existing client implementing the current version of the spec will be incompatible with a client implementing (only) the new version of the spec.

r0.6.0, r0.5.0, r0.3.0 and r0.1.0 all included minor breaking changes, and I'd propose doing much the same here.

What do others think?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it's fine to remove the previous requirement of curve25519 always being present, but the same mistake should not be repeated by now requiring curve25519-hkdf-sha256 to always be present. Maybe the docs could say something like "for version r0.7.0, it is expected that client supports at least the curve25519-hkdf-sha256 key agreement protocol".

@poljar poljar mentioned this pull request Jul 14, 2020
Closed
@uhoreg uhoreg merged commit 53e2b99 into matrix-org:master Jul 23, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jplatte jplatte jplatte left review comments

@richvdh richvdh richvdh approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@uhoreg @jplatte @richvdh