Ability to completely blacklist a domain/server from federating #3173
Comments
|
As a first step, you could offer direct blacklisting. I know it's not going to be as effective as blocking by event origin, but it's a start? That can't be very difficult to implement |
|
And, I'm super worried about just how infeasible this is going to be :(. You'll need the state events, no matter what because otherwise your state will differ and it won't match up with everyone else and it will cry. So we'd need to make sure that we don't blacklist state events. Regular messages would be fine if they didn't rely on prev_events but because they do you'd end up with huge swathes of disconnected DAG -- which might not be bad, or good. I don't know if synapse would have a fallback of attaching itself to the Most Recent Node™️ (which could mean many things). |
|
tbh I'd be perfectly okay with state events being rejected, however that does cause problems for everything. Events should at the very least be highly sanitized to prevent them from being troublesome. |
|
We had another request from this from @muppeth today - i misremembered and though I'd already implemented it. I guess the main problem here is that the problem is equivalent to server ACLs - and suffer from the same issues of server ACLs: that any servers which don't uphold ACLs will leak events, and so for the blacklist to work, you'd have to blacklist those servers too. So presumably the correct implementation of this would have to do just that (which might not be a bad thing, in terms of encouraging servers to actually implement server ACLs if they want to play nice in Matrix)... @richvdh, wdyt? |
|
Wouldn't that cause a cascading failure where the server eventually becomes isolated? If matrix.org doesn't blacklist evil.com, but example.org does, then example.org will have to blacklist matrix.org and whatever other servers decided to not blacklist evil.com. |
|
I'm afraid I don't quite understand what this is asking for that is different from ACLs? |
|
hum, yes. |
|
("hum, yes" was directed at @turt2live; github didn't show me @richvdh's comment). What this is asking for is the ability to blanket blacklist a server from participating in any room in your server. I.e. "i hate evil.net; i do not want arasphere.net talking to it or receiving any events from it". |
|
right, but it sounds like we're agreeing that's not a thing that is practical. So can we reject this bug? |
|
Yea, this is borderline impossible. Closing. |
This is related to, but not the same as, #1217. #2820 allows one to specify a whitelist for federation, but does not provide the option for a blacklist.
This should go a step further and prevent events/objects from the blacklisted servers as well. Just blocking traffic is not enough, synapse should also not reach out to get events, groups, etc from the blacklisted servers, including from other sources (ie: don't ask matrix.org for an event from a blacklisted server). This probably requires changes to how the DAG is handled to avoid inconsistent state.
The goal/use case is to prevent constantly bad acting servers from affecting a given synapse instance.
The text was updated successfully, but these errors were encountered: