index : matrix-js-sdk

My fork of matrix-js-sdk

path: root/docs/warning-on-unverified-devices.txt
diff options
authorMatthew Hodgson <[email protected]>2017-01-21 17:36:26 +0000
committerMatthew Hodgson <[email protected]>2017-01-21 17:36:26 +0000
commit247deacbb79a994476ca70ee29a38e70de7c158e (patch)
treecceceb3579c47b455130173f04f5a334466241f2 /docs/warning-on-unverified-devices.txt
parente79926db6ce7ce99831eea21a810cf830031c5e4 (diff)
some incoherent jottings on the warning semantics
Diffstat (limited to 'docs/warning-on-unverified-devices.txt')
1 files changed, 31 insertions, 0 deletions
diff --git a/docs/warning-on-unverified-devices.txt b/docs/warning-on-unverified-devices.txt
new file mode 100644
index 00000000..e3a6c567
--- /dev/null
+++ b/docs/warning-on-unverified-devices.txt
@@ -0,0 +1,31 @@
+Random notes from Matthew on the two possible approaches for warning users about unexpected
+unverified devices popping up in their rooms....
+Original idea...
+Warn when an existing user adds an unknown device to a room.
+Warn when a user joins the room with unverified or unknown devices.
+Warn when you initial sync if the room has any unverified devices in it.
+ ^ this is good enough if we're doing local storage.
+ OR, better:
+Warn when you initial sync if the room has any new undefined devices since you were last there.
+ => This means persisting the rooms that devices are in, across initial syncs.
+Updated idea...
+Warn when the user tries to send a message:
+ - If the room has unverified devices which the user has not yet been told about in the context of this room
+ ...or in the context of this user? currently all verification is per-user, not per-room.
+ ...this should be good enough.
+ - so track whether we have warned the user or not about unverified devices - blocked, unverified, verified, unverified_warned.
+ throw an error when trying to encrypt if there are pure unverified devices there
+ app will have to search for the devices which are pure unverified to warn about them - have to do this from MembersList anyway?
+ - or megolm could warn which devices are causing the problems.
+Why do we wait to establish outbound sessions? It just makes a horrible pause when we first try to send a message... but could otherwise unnecessarily consume resources? \ No newline at end of file