From bf9c9314a21af221b90fa59b169c8273019ef5ea Mon Sep 17 00:00:00 2001 From: Kierre Date: Wed, 22 Oct 2025 17:02:57 -0400 Subject: [PATCH 1/9] Server opt-out of specific EDU types --- proposals/XXXX-edu-types.md | 47 +++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 proposals/XXXX-edu-types.md diff --git a/proposals/XXXX-edu-types.md b/proposals/XXXX-edu-types.md new file mode 100644 index 00000000000..7d6c889eee5 --- /dev/null +++ b/proposals/XXXX-edu-types.md @@ -0,0 +1,47 @@ +# MSCXXXX: Server opt-out of specific EDU types + +Some servers may wish to not receive specific types of EDUs, such as presence, to +cut down on the amount of bandwidth used (as an example). + +## Proposal + +### `GET /_matrix/federation/v1/edutypes` + +This endpoint dictates what types of EDUs the server wishes to receive. + +The server should reply with a list of EDU types: + +```json +{ + "read_receipts": true, + "presence": true, + "typing": true +} +``` + +Other types of EDUs (signing key updates, device lists, to-device messaging) +are likely unsafe to opt-out of and thus must not be included. + +This endpoint should not require authentication as nothing too sensitive is +revealed by having it as such. + +## Potential issues + +Older homeservers (or simply non-compliant ones) will still send unwanted EDUs, +although these can just be discarded. + +## Alternatives + +None. + +## Security considerations + +None. + +## Unstable prefix + +`/_matrix/federation/unstable/io.fsky.vel/edutypes` + +## Dependencies + +None. From 86bb0a9d097fae9090acf6a53e707331600420a2 Mon Sep 17 00:00:00 2001 From: Kierre Date: Wed, 22 Oct 2025 17:05:29 -0400 Subject: [PATCH 2/9] MSC number --- proposals/{XXXX-edu-types.md => 4373-edu-types.md} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename proposals/{XXXX-edu-types.md => 4373-edu-types.md} (95%) diff --git a/proposals/XXXX-edu-types.md b/proposals/4373-edu-types.md similarity index 95% rename from proposals/XXXX-edu-types.md rename to proposals/4373-edu-types.md index 7d6c889eee5..9e0499608e2 100644 --- a/proposals/XXXX-edu-types.md +++ b/proposals/4373-edu-types.md @@ -1,4 +1,4 @@ -# MSCXXXX: Server opt-out of specific EDU types +# MSC4373: Server opt-out of specific EDU types Some servers may wish to not receive specific types of EDUs, such as presence, to cut down on the amount of bandwidth used (as an example). From eda5d6ec5428ee9e5a85b87f94194d591d6bb09e Mon Sep 17 00:00:00 2001 From: Kierre Date: Wed, 22 Oct 2025 22:45:02 -0400 Subject: [PATCH 3/9] Clarify and use the already established types --- proposals/4373-edu-types.md | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/proposals/4373-edu-types.md b/proposals/4373-edu-types.md index 9e0499608e2..23a5ad66b68 100644 --- a/proposals/4373-edu-types.md +++ b/proposals/4373-edu-types.md @@ -9,21 +9,32 @@ cut down on the amount of bandwidth used (as an example). This endpoint dictates what types of EDUs the server wishes to receive. -The server should reply with a list of EDU types: +The response for this endpoint is shaped like the following: ```json { - "read_receipts": true, - "presence": true, - "typing": true + "m.presence": false, + "m.typing": true, + "m.read": true } ``` -Other types of EDUs (signing key updates, device lists, to-device messaging) -are likely unsafe to opt-out of and thus must not be included. +The allowed types are: +* `m.presence` +* `m.typing` +* `m.read` -This endpoint should not require authentication as nothing too sensitive is -revealed by having it as such. +Other types of EDUs (signing key updates, device lists, to-device messaging, etc) +are likely unsafe to opt-out of. + +This endpoint MUST NOT require authentication, but if provided, follow the normal +verification process. + +If the EDU type is listed, and is set to `false`, any EDUs of that type +SHOULD NOT be sent to the target homeserver. + +If the EDU type is set to `true`, the EDU MAY be sent to the target homeserver, +unless other factors disallow it (such as room ACLs, where that is relevant). ## Potential issues From 09f5f9e88948d42ea5aee13cd07886522f2767e7 Mon Sep 17 00:00:00 2001 From: Kierre Date: Wed, 22 Oct 2025 22:53:19 -0400 Subject: [PATCH 4/9] the "but if" makes this a SHOULD NOT --- proposals/4373-edu-types.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proposals/4373-edu-types.md b/proposals/4373-edu-types.md index 23a5ad66b68..b115d0217e3 100644 --- a/proposals/4373-edu-types.md +++ b/proposals/4373-edu-types.md @@ -27,7 +27,7 @@ The allowed types are: Other types of EDUs (signing key updates, device lists, to-device messaging, etc) are likely unsafe to opt-out of. -This endpoint MUST NOT require authentication, but if provided, follow the normal +This endpoint SHOULD NOT require authentication, but if provided, follow the normal verification process. If the EDU type is listed, and is set to `false`, any EDUs of that type From c0e1c127af5b0865ea11545024493ad968a0dee2 Mon Sep 17 00:00:00 2001 From: Kierre Date: Wed, 22 Oct 2025 22:57:18 -0400 Subject: [PATCH 5/9] Caching --- proposals/4373-edu-types.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/proposals/4373-edu-types.md b/proposals/4373-edu-types.md index b115d0217e3..20e9429df8d 100644 --- a/proposals/4373-edu-types.md +++ b/proposals/4373-edu-types.md @@ -36,6 +36,8 @@ SHOULD NOT be sent to the target homeserver. If the EDU type is set to `true`, the EDU MAY be sent to the target homeserver, unless other factors disallow it (such as room ACLs, where that is relevant). +The endpoint response SHOULD be cached, for a week at maximum. + ## Potential issues Older homeservers (or simply non-compliant ones) will still send unwanted EDUs, From 6401f455d190f3bf4967a18643211f42acd53ec9 Mon Sep 17 00:00:00 2001 From: Kierre Date: Wed, 22 Oct 2025 23:11:58 -0400 Subject: [PATCH 6/9] m.read -> m.receipt --- proposals/4373-edu-types.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/proposals/4373-edu-types.md b/proposals/4373-edu-types.md index 20e9429df8d..530b02d64f1 100644 --- a/proposals/4373-edu-types.md +++ b/proposals/4373-edu-types.md @@ -14,15 +14,15 @@ The response for this endpoint is shaped like the following: ```json { "m.presence": false, - "m.typing": true, - "m.read": true + "m.receipt": true, + "m.typing": true } ``` The allowed types are: * `m.presence` +* `m.receipt` * `m.typing` -* `m.read` Other types of EDUs (signing key updates, device lists, to-device messaging, etc) are likely unsafe to opt-out of. From 4e744a48b5312c3075c0123f4c4830bc83162f22 Mon Sep 17 00:00:00 2001 From: Kierre Date: Wed, 22 Oct 2025 23:21:05 -0400 Subject: [PATCH 7/9] Add explicit note about ignoring these EDUs --- proposals/4373-edu-types.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/proposals/4373-edu-types.md b/proposals/4373-edu-types.md index 530b02d64f1..6cb9442c8b0 100644 --- a/proposals/4373-edu-types.md +++ b/proposals/4373-edu-types.md @@ -31,7 +31,8 @@ This endpoint SHOULD NOT require authentication, but if provided, follow the nor verification process. If the EDU type is listed, and is set to `false`, any EDUs of that type -SHOULD NOT be sent to the target homeserver. +SHOULD NOT be sent to the target homeserver. The target server MUST ignore +EDUs of these types. If the EDU type is set to `true`, the EDU MAY be sent to the target homeserver, unless other factors disallow it (such as room ACLs, where that is relevant). From 0ff8b0393009d090ca41084b6520fdd44f938eda Mon Sep 17 00:00:00 2001 From: Kierre Date: Thu, 23 Oct 2025 04:19:31 -0400 Subject: [PATCH 8/9] Add proper alternatives, clarify absent keys and caching --- proposals/4373-edu-types.md | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/proposals/4373-edu-types.md b/proposals/4373-edu-types.md index 6cb9442c8b0..2d58000dc73 100644 --- a/proposals/4373-edu-types.md +++ b/proposals/4373-edu-types.md @@ -34,19 +34,28 @@ If the EDU type is listed, and is set to `false`, any EDUs of that type SHOULD NOT be sent to the target homeserver. The target server MUST ignore EDUs of these types. -If the EDU type is set to `true`, the EDU MAY be sent to the target homeserver, -unless other factors disallow it (such as room ACLs, where that is relevant). +If the EDU type is set to `true` or absent, the EDU SHOULD be sent to the target +homeserver, unless other factors disallow it (such as room ACLs, where that is +relevant). -The endpoint response SHOULD be cached, for a week at maximum. +The endpoint response SHOULD be cached. Servers SHOULD read the `Cache-Control` +HTTP header, and max it out at a week, using a week if the header is absent +or malformed. ## Potential issues Older homeservers (or simply non-compliant ones) will still send unwanted EDUs, -although these can just be discarded. +although these can just be ignored. ## Alternatives -None. +An explicit allowlist is recommended over allowing everything with a list of keys +that SHOULD NOT be put in the list, to ensure important information in new EDU types +is not ignored or not sent to homeservers. + +While the alternative design is more flexible, it introduces unnecessary risk by +defaulting to allowing filtering of all EDU types, which is bad for the reasons +described above. ## Security considerations From 85767fc9d4d77a4603f3c33fa66a605ad1838a44 Mon Sep 17 00:00:00 2001 From: Kierre Date: Mon, 27 Oct 2025 08:38:29 -0400 Subject: [PATCH 9/9] EDU MAY be sent --- proposals/4373-edu-types.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proposals/4373-edu-types.md b/proposals/4373-edu-types.md index 2d58000dc73..67aaabf8786 100644 --- a/proposals/4373-edu-types.md +++ b/proposals/4373-edu-types.md @@ -34,7 +34,7 @@ If the EDU type is listed, and is set to `false`, any EDUs of that type SHOULD NOT be sent to the target homeserver. The target server MUST ignore EDUs of these types. -If the EDU type is set to `true` or absent, the EDU SHOULD be sent to the target +If the EDU type is set to `true` or absent, the EDU MAY be sent to the target homeserver, unless other factors disallow it (such as room ACLs, where that is relevant).