Improve the server key exchange portion of the s2s specification #1423
Conversation
turt2live
added
the
blocked
turt2live
force-pushed
the
travis/s2s/keys
branch
2 times, most recently
from
debc062 to
5fb786b
Compare
turt2live
force-pushed
the
travis/s2s/keys
branch
from
5fb786b to
87d1672
Compare
Most of the text has been shuffled into the swagger definitions to bring it closer to where it matters. This also attempts to clarify what is out in the wild. Most importantly, the first version of the key exchange is outright removed from the specification. Other research points/questions are: * What is a "Key ID"? * https://github.com/matrix-org/synapse/blob/1241156c82644d5609f45659607a356af5d8fe08/synapse/rest/key/v2/local_key_resource.py#L81-L83 * https://github.com/matrix-org/synapse/blob/1241156c82644d5609f45659607a356af5d8fe08/synapse/rest/key/v2/local_key_resource.py#L88-L91 * Returning a cached response if the server throws a 400, 500, or otherwise not-offline status code * https://github.com/matrix-org/synapse/blob/1241156c82644d5609f45659607a356af5d8fe08/synapse/rest/key/v2/remote_key_resource.py#L227-L229 * `minimum_valid_until_ts` default * This branch of the ladder: https://github.com/matrix-org/synapse/blob/1241156c82644d5609f45659607a356af5d8fe08/synapse/rest/key/v2/remote_key_resource.py#L192 * Returning empty arrays when querying offline/no servers * Queried by hand against matrix.org as a notary server with a fake domain name to query * Returning all keys even when querying for specific keys * Queried by hand using matrix.org as a notary server against a server publishing multiple keys. The examples and descriptions were also improved as part of this commit.
turt2live
force-pushed
the
travis/s2s/keys
branch
from
87d1672 to
8e97b0c
Compare
turt2live
removed
the
blocked
| required: true | ||
| example: "Base+64+Encoded+Signature+Verification+Key" | ||
| example: "VGhpcyBzaG91bGQgYmUgYSByZWFsIGVkMjU1MTkgcGF5bG9hZA==" |
There was a problem hiding this comment.
if it's unpadded base64... why is this padded?
There was a problem hiding this comment.
(this is a theme throughout the examples)
There was a problem hiding this comment.
because I did the examples before the docs in this case. Will fix.
| } | ||
| } | ||
| properties: | ||
| expired_ts: | ||
| type: integer | ||
| format: int64 | ||
| description: The expiration time. | ||
| description: POSIX timestamp for when this key expired. |
There was a problem hiding this comment.
normally we explicitly say it's in ms.
| } | ||
| } | ||
| properties: | ||
| expired_ts: | ||
| type: integer | ||
| format: int64 | ||
| description: The expiration time. | ||
| description: POSIX timestamp for when this key expired. | ||
| required: true | ||
| example: 922834800000 |
There was a problem hiding this comment.
It's from 1999. Considering this is the "expired" parameter, it seems fine? (it's also ported from ancient docs)
Edit: will make more modern.
There was a problem hiding this comment.
Yeah, the problem is that I expect timestamps to start with 14 or 15 or so; when I see one starting with a 9 I wonder if it is actually a posix timestamp.
api/server-server/keys_query.yaml
Outdated
| description: |- | ||
| Query for keys from multiple servers in a batch format. The receiving (notary) | ||
| server must sign the keys returned by the queried servers. | ||
| operationId: postQueryKeys |
There was a problem hiding this comment.
I'm not sure this is a better operationId
api/server-server/keys_server.yaml
Outdated
| description: |- | ||
| Gets the homeserver's published TLS fingerprints and signing keys. | ||
| The homeserver may have any number of active keys and may have a | ||
| number of old keys. Homeservers SHOULD return a single JSON object |
There was a problem hiding this comment.
I'm not sure they SHOULD... tbh I think it's a bug in synapse that they do.
maybe we should deprecate the keyId parameter?
There was a problem hiding this comment.
Deprecating seems best, given both synapse and dendrite ignore it.
api/server-server/keys_server.yaml
Outdated
| operationId: getServerKey | ||
| parameters: | ||
| - in: path | ||
| name: keyId | ||
| type: string | ||
| description: Key ID | ||
| description: |- | ||
| The key ID to look up. If omitted or empty, all server keys are |
There was a problem hiding this comment.
this conflicts with the text in the description,
There was a problem hiding this comment.
How so? The argument is optional, so the last bit here is to reinforce what should happen when the parameter isn't provided.
There was a problem hiding this comment.
well, it's incorrect by omission. Apparently it should be ignored?
There was a problem hiding this comment.
I suppose. Will update alongside deprecation.
specification/server_server_api.rst
Outdated
|
|
||
| Each homeserver publishes its public keys under ``/_matrix/key/v2/server/``. | ||
| Homeservers query for keys by either getting ``/_matrix/key/v2/server/`` | ||
| Each homeserver publishes its public keys under ``/_matrix/key/v2/server/{keyId}`. |
| @@ -87,10 +97,12 @@ properties: | |||
| properties: | |||
| sha256: | |||
| type: string | |||
| description: The encoded fingerprint. | |||
| example: Base+64+Encoded+SHA-256-Fingerprint | |||
| description: The `Unpadded Base64`_ encoded fingerprint | |||
There was a problem hiding this comment.
given we now say this is unpadded base64, we can probably remove it from the description on tls_fingerprints.
| description: |- | ||
| Public keys of the homeserver for verifying digital signatures. | ||
|
|
||
| The object's key is the algorithm and version combined (``ed25519`` being the |
There was a problem hiding this comment.
We should have some words here about what constitutes a valid version. I don't know if you want to grasp that particular nettle right now though.
There was a problem hiding this comment.
Looks like synapse uses [a-zA-Z0-9_] - is it fair to say that it must match that regex?
There was a problem hiding this comment.
yeah, that sounds good. let's go with it.
There was a problem hiding this comment.
|
@richvdh should be updated. Please take another look. |
|
\o/ one down, half a billion to go :) Thanks for taking a look |
Rendered: See "docs" commit status.
Most of the text has been shuffled into the swagger definitions to bring it closer to where it matters.
This also attempts to clarify what is out in the wild. Most importantly, the first version of the key exchange is outright removed from the specification. Other research points/questions are:
minimum_valid_until_tsdefaultThe examples and descriptions were also improved as part of this commit.