Skip to content

MSC4464: verifiable links in profile#4464

Open
dozro wants to merge 11 commits into
matrix-org:mainfrom
dozro:proposal/verifiable-links-in-profile
Open

MSC4464: verifiable links in profile#4464
dozro wants to merge 11 commits into
matrix-org:mainfrom
dozro:proposal/verifiable-links-in-profile

Conversation

@dozro
Copy link
Copy Markdown

@dozro dozro commented May 8, 2026
edited
Loading

Rendered

Follow-up for MSC4462

dozro added 8 commits May 7, 2026 01:45
@dozro
initial commit of draft followup MSC
38e7ca2 
Signed-off-by: Rye <git@itsrye.dev>
@dozro
Clarify 'scope' field in verification results
6a12c94 
Clarify the role of the 'scope' field in verification.
@dozro
updated naming in line with updates to MSC4462
c7d4174 
Signed-off-by: Rye <git@itsrye.dev>
@dozro
line wraps to 80
ebb3145 
Signed-off-by: Rye <git@itsrye.dev>
@dozro
added unstable prefix for dns record
5785a26 
Signed-off-by: Rye <git@itsrye.dev>
@dozro
clarification regarding errors and matrix backlink
8be2295 
Signed-off-by: Rye <git@itsrye.dev>
@dozro
expanding on possible alternatives
bceaa6e 
Signed-off-by: Rye <git@itsrye.dev>
@dozro
various changes
52c18da 
- ranging from grammar fixes `it's` -> `its`
- expanding on security considerations
- clarifying the `result` value for failed verifications
- expanded the motivation in the introduction section

Signed-off-by: Rye <git@itsrye.dev>
@dozro dozro changed the title MSCxxxx: verifiable links in profile MSC4464: verifiable links in profile May 8, 2026
dozro added 2 commits May 8, 2026 12:45
@dozro
updated MSC to include the actual MSC number
55f917f 
Signed-off-by: Rye <git@itsrye.dev>
@dozro
fix: uri -> link html element
1712887 
Signed-off-by: Rye <git@itsrye.dev>
turt2live
turt2live reviewed May 8, 2026
View reviewed changes
Comment thread proposals/4464-verifiable-links-in-profile.md
Copy link
Copy Markdown
Member

@turt2live turt2live May 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Implementation requirements:

  • Server
  • Client

@turt2live turt2live added proposal A matrix spec change proposal client-server Client-Server API kind:feature MSC for not-core and not-maintenance stuff needs-implementation This MSC does not have a qualifying implementation for the SCT to review. The MSC cannot enter FCP. labels May 8, 2026
@dozro dozro marked this pull request as ready for review May 8, 2026 20:41
@DidiDidi129
Copy link
Copy Markdown

DidiDidi129 commented May 9, 2026
edited
Loading

If it’s a work in progress should u mark as a draft for now?
Edit: Nvm I think it was a draft earlier but not anymore

@DidiDidi129
Copy link
Copy Markdown

DidiDidi129 commented May 9, 2026

I’m a little bit concerned that this would be used by bad actors for impersonation attacks

Eg they could spin up a homeserver without the requirements you outlined and make their profile link to any account they want.

@dozro
Copy link
Copy Markdown
Author

dozro commented May 9, 2026

I’m a little bit concerned that this would be used by bad actors for impersonation attacks

Eg they could spin up a homeserver without the requirements you outlined and make their profile link to any account they want.

@DidiDidi129 Since the verification is handled via the Client-to-Server (C2S) API rather than a Server-to-Server (S2S) protocol, the validation logic resides within the user's own homeserver.

Consequently, the security of this implementation relies on the integrity of the specific homeserver the user is registered with. While the trustworthiness of public homeservers is a valid point of discussion, the specific impersonation vector you mentioned, where a malicious actor spins up a rogue homeserver to affect others, is not feasible here, as their server would have no authority over the victim's verification process.

Note: Please use threads (reviews) for further technical discussions to keep the PR history organized.

@DidiDidi129
Copy link
Copy Markdown

DidiDidi129 commented May 9, 2026

I’m a little bit concerned that this would be used by bad actors for impersonation attacks

Eg they could spin up a homeserver without the requirements you outlined and make their profile link to any account they want.

@DidiDidi129 Since the verification is handled via the Client-to-Server (C2S) API rather than a Server-to-Server (S2S) protocol, the validation logic resides within the user's own homeserver.

Consequently, the security of this implementation relies on the integrity of the specific homeserver the user is registered with. While the trustworthiness of public homeservers is a valid point of discussion, the specific impersonation vector you mentioned, where a malicious actor spins up a rogue homeserver to affect others, is not feasible here, as their server would have no authority over the victim's verification process.

Note: Please use threads (reviews) for further technical discussions to keep the PR history organized.

Ahh yes that makes sense. Sorry for my comprehension issues lmao

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@turt2live turt2live turt2live left review comments

Assignees

No one assigned

Labels

client-server Client-Server API kind:feature MSC for not-core and not-maintenance stuff needs-implementation This MSC does not have a qualifying implementation for the SCT to review. The MSC cannot enter FCP. proposal A matrix spec change proposal

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@dozro @DidiDidi129 @turt2live