Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MSC1921: Support cancelling 3pid validation sessions #1921

Open
wants to merge 1 commit into
base: old_master
Choose a base branch
from
Open

MSC1921: Support cancelling 3pid validation sessions #1921

wants to merge 1 commit into from

Conversation

turt2live
Copy link
Member

Rendered

As mentioned in the introduction, this was written in the context of working on element-hq/element-web#6560.

@turt2live turt2live changed the title Proposal to support cancelling 3pid validation sessions MSC1921: Support cancelling 3pid validation sessions Mar 8, 2019
Half-Shot
Half-Shot reviewed Mar 8, 2019
View reviewed changes
proposals/1921-cancel-3pid-sessions.md
believed by the author that the additional security of ensuring the requester has permission to actually
cancel the session is more worthwhile than trying to fail fast.

Servers should also be aware of a potential resource exhaustion vector where an attacker requests a token and
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Definitely something that should happen during token creation, but I wouldn't rate limit cancelToken especially harshly.

turt2live added a commit to matrix-org/matrix-react-sdk that referenced this pull request Mar 11, 2019
@turt2live
Provide an escape from the registration process
9794e32 
Fixes element-hq/element-web#6560

Would be better improved by matrix-org/matrix-spec-proposals#1921 or similar in the future.
@turt2live turt2live mentioned this pull request Mar 11, 2019
Merged
@anoadragon453
Copy link
Member

Is this still needed? Can we not just start another validation session and let the previous one eventually expire?

@turt2live
Copy link
Member Author

There's a whole introduction that explains why this is needed and why letting them expire naturally is insufficient.

This is still needed.

@turt2live turt2live added the kind:feature MSC for not-core and not-maintenance stuff label Apr 20, 2020
@turt2live turt2live added the needs-implementation This MSC does not have a qualifying implementation for the SCT to review. The MSC cannot enter FCP. label Jun 8, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Half-Shot Half-Shot Half-Shot left review comments

Assignees
No one assigned
Labels
identity service kind:feature MSC for not-core and not-maintenance stuff needs-implementation This MSC does not have a qualifying implementation for the SCT to review. The MSC cannot enter FCP. proposal A matrix spec change proposal
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@turt2live @anoadragon453 @Half-Shot