| 1 | +# MSC4163: Make ACLs apply to EDUs |
| 2 | + |
| 3 | +[Access Control Lists](https://spec.matrix.org/v1.11/client-server-api/#server-access-control-lists-acls-for-rooms) |
| 4 | +(also known as ACLs) are used to prevent other servers from participating in a room at a federation level, |
| 5 | +covering many federation API endpoints, including |
| 6 | +[`/send`](https://spec.matrix.org/v1.11/server-server-api/#put_matrixfederationv1sendtxnid). However, while ACLs |
| 7 | +are applied on a per-PDU basis on this endpoint, they are not applied to EDUs at all. Considering that some EDUs |
| 8 | +are specific to certain rooms (e.g. read receipts & typing indicators), it makes sense to apply ACLs to them as well. |
| 9 | + |
| 10 | + |
| 11 | +## Proposal |
| 12 | + |
| 13 | +All EDUs which are local to a specific room MUST have ACLs applied to them. This means that for the EDUs currently |
| 14 | +in the spec, ACLs would only apply to receipts and typing notifications. Examples of how ACLs should be enforced |
| 15 | +at the point of receiving a transaction for those two types of EDUs are as follows: |
| 16 | + - For |
| 17 | +[typing notifications (`m.typing`)](https://spec.matrix.org/v1.11/server-server-api/#typing-notifications), |
| 18 | +the `room_id` field inside `content` should be checked, with the typing notification ignored if the `origin` |
| 19 | +of the request is a server which is forbidden by the room's ACL. Ignoring the typing notification means that the EDU |
| 20 | +MUST be dropped upon receipt. |
| 21 | + - For [read receipts (`m.receipt`)](https://spec.matrix.org/v1.11/server-server-api/#receipts), all receipts |
| 22 | +inside a `room_id` inside `content` should be ignored if the `origin` of the request is forbidden by the |
| 23 | +room's ACL. |
| 24 | + |
| 25 | +## Potential issues |
| 26 | + |
| 27 | +None considered. |
| 28 | + |
| 29 | +## Alternatives |
| 30 | + |
| 31 | +Leave things as-is, which wouldn't be that big of a deal when you consider that this would only apply |
| 32 | +to typing notifications and read receipts currently, which don't allow for very significant disruption inside |
| 33 | +a room. However, as ACLs are meant to prevent certain servers from participating in a room at all, it makes |
| 34 | +sense to apply ACLs to EDUs which are local to certain rooms, as they are a form of participation. |
| 35 | + |
| 36 | +## Security considerations |
| 37 | + |
| 38 | +None considered. |
| 39 | + |
| 40 | +## Unstable prefix |
| 41 | + |
| 42 | +None required, as no new fields or endpoints are added. |
| 43 | + |
| 44 | +## Dependencies |
| 45 | + |
| 46 | +None. |
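Review bot: the "Security considerations" section should not read "None considered." in an MSC whose whole purpose is access control; at minimum it should state the threat being closed (a server denied by a room's `m.room.server_acl` can today still inject `m.typing` and `m.receipt` EDUs for that room through `/send`, since ACLs are only checked per PDU) and the check the fix relies on (the receiving server evaluates the transaction `origin` against the room's current ACL state, using the same allow/deny matching rules as for PDUs). The Proposal section should also say what a server does with a room-local EDU whose `room_id` it holds no state for, since it cannot evaluate the ACL there (dropping it is the safe default). Finally, the `m.receipt` bullet is hard to parse; since `content` of that EDU is keyed by room ID, consider "all receipts under each `room_id` key of `content` should be ignored if the `origin` of the request is forbidden by that room's ACL".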