Skip to content

Commit 626f721

Browse files
m13253m13253
committed
MSC4295: Bot bounce limit - a better loop prevention mechanism
1 parent 738e4a8 commit 626f721

File tree

1 file changed

+2
-1
lines changed

1 file changed

+2
-1
lines changed

proposals/4295-bot-bounce-limit.md

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,7 @@ Here are some examples of multi-bot interactions and their needs for loop preven
1212
4. The room operator can run a "UTD notification bot" that notifies room members that their messages can't be decrypted by others. However, it is very important to prevent it from replying another bot's message.
1313
5. When bridging rooms across three or more platforms (e.g., Matrix ⇌ Telegram ⇌ IRC ⇌ Matrix), it is necessary to make sure each bridge doesn't pick up another bridge's messages.
1414
6. Bridges supporting double-puppeting needs to ignore messages sent by a reverse puppet. Although they already employ proprietary methods (e.g., vendor-prefixed tags like `fi.mau.double_puppet_source` or a list of ignored user IDs), it could be very useful to provide a standardized loop-preventing mechanism, allowing bridges from different vendors to work in harmony at the same room.
15+
1516
Currently, it is usually a room operator's responsibility to prevent bot loops, for example, by carefully configuring each bot's ignore list, ensuring all possible outputs of one bot don't contain trigger words of another bot, and removing unauthorized bots invited by some random member. Nonetheless, a well-maintained configuration can be very fragile, and the room operator may not be able to monitor the room at all times.
1617

1718
The goal of of this proposal is to:
@@ -201,7 +202,7 @@ There are two alternative considerations:
201202
1. Denial-of-Service
202203

203204
Bot loops can cause intentional or unintentional Denial-of-Service attacks. If two bots, one supports `m.bounce_limit` and the other doesn't, there could be a risk of causing bot loops, which leads to a Denial-of-Service. However, the severity is not worse than before. A room operator's typical responsiblity of keeping an eye on the bots hasn't changed, therefore, the room operator should be aware which bots don't support `m.bounce_limit` and configure accordingly.
204-
205+
s
205206
2. Information leakage from the cleartext `m.bounce_limit`.
206207

207208
This is discussed in the [Alternatives](#alternatives) section.

0 commit comments

Comments
 (0)