MSC2260: Update the auth rules for m.room.aliases events #2260

Closed
wants to merge 9 commits into from
49 changes: 49 additions & 0 deletions proposals/2260-change-aliases-auth-rules.md
@@ -0,0 +1,49 @@
# MSC2260: Update the auth rules for `m.room.aliases` events

## Background

Currently, `m.room.aliases` is subject to specific [authorization
rules](https://matrix.org/docs/spec/rooms/v1#authorization-rules). When these
rules were introduced, the intention was that `m.room.aliases` would be
maintained as an up-to-date list of the aliases for the room. However, this has
not been successful, and in practice the `m.room.aliases` event tends to drift
out of sync with the aliases (https://github.com/matrix-org/matrix-doc/issues/2262).

Meanwhile, `m.room.aliases` is open to abuse by remote servers who can add spam
or offensive aliases (https://github.com/matrix-org/matrix-doc/issues/625).

## Proposal

`m.room.aliases` exists to advertise the aliases available for a given
room. This is an ability which should be restricted to privileged users in the
room.

Therefore, the special-case for `m.room.aliases` is to be removed from the
[authorization
rules](https://matrix.org/docs/spec/rooms/v1#authorization-rules). `m.room.aliases`
would instead be authorised following the normal rules for state events.

As a corollary, only users with the power level necessary to send the
`m.room.aliases` state event will be allowed to add entries to the room
directory. Server admins will continue to be able to remove entries from the
directory even if they do not have the right to send the `aliases` event (in
which case the `m.room.aliases` event will become outdated).

It also be logical to allow the contents of `m.room.aliases` events to be
redacted, as per [MSC2261](https://github.com/matrix-org/matrix-doc/issues/2261).

## Tradeoffs

Perhaps we could instead allow room admins the ability to redact malicious
`aliases` events? Or to issue new ones?

## Potential issues

1. This will bake in https://github.com/matrix-org/synapse/issues/1477 in a way
that cannot be fixed in the case that the server admin doesn't have ops in
the room.

2. This would allow room operators to add 'fake' aliases: for example, I could
create a room and declare one of its aliases to be
`#matrix:matrix.org`. It's not obvious that this will cause any problems in
practice, but it might lead to some confusion.
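
Review bot: Potential issue 2 describes alias spoofing (a room operator declaring `#matrix:matrix.org` as an alias of their own room), but the Proposal section adds no mitigation for it. Once the special case is removed, nothing in the text ties an entry in `m.room.aliases` to the server that owns the alias. Suggest adding a sentence to the Proposal stating that the contents of `m.room.aliases` are unverified, and that clients and servers should confirm an alias through the room directory before displaying or acting on it. Two smaller points: the Proposal links the room version 1 authorization rules but does not say how the change reaches existing rooms, and "It also be logical to allow" is missing "would".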