Don't suggest token reuse for double-puppeting #6
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
While this mostly works, it means that there are now two clients A and B acting as the same logical [device]. The two clients are indistinguishable to a homeserver. Since to_device messages are delivered [exactly once] to each device, this means that there's a race between A and B to receive and acknowledge to_device messages. In the worst case, this can mean that one client can "miss" to_device messages. Instead, each client should register a unique (private) access token so that it appears as a unique device to the homeserver. See also [client authentication] in the spec. [device]: https://matrix.org/docs/spec/index#devices [exactly once]: https://matrix.org/docs/spec/client_server/r0.6.1#id70 [client authentication]: https://matrix.org/docs/spec/client_server/r0.6.1#client-authentication
tulir
approved these changes
Aug 23, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
While this mostly works, it means that there are now two clients A and B acting
as the same logical device. The two clients are indistinguishable to a
homeserver. Since to_device messages are delivered exactly once to each
device, this means that there's a race between A and B to receive and
acknowledge to_device messages. In the worst case, this can mean that one
client can "miss" to_device messages. (See matrix-org/synapse#9533), and
in particular this comment.
Instead, each client should register a unique (private) access token so that it
appears as a unique device to the homeserver. See also client authentication
in the spec.