matrix-org · turt2live · Jun 4, 2019 · Nov 14, 2018 · Nov 14, 2018 · Nov 14, 2018
diff --git a/proposals/1719-olm_unwedging.md b/proposals/1719-olm_unwedging.md
@@ -0,0 +1,54 @@
+# Olm unwedging
+
+Olm sessions sometimes get out of sync, resulting in undecryptable messages.
+This proposal documents a method for devices to create a new session to replace
+the broken session.
+
+## Proposal
+
+When a device receives an olm-encrypted message that it cannot decrypt, it
+should assume that the olm session has become corrupted and create a new olm
+session to replace it.  It should then send a dummy message, using that
+session, to the other party in order to inform them of the new session.  To
+send a dummy message, clients may send an event with type `m.dummy`, and with
+empty contents.
+
+In order to avoid creating too many extra sessions, a client should rate-limit
+the number of new sessions it creates per device that it receives a message
+from; the client should not create a new session with another device if it has
+already created one for that given device in the past 1 hour.
+
+Clients may wish to ask the sender of the undecryptable messages to re-send the
+message.  For exampe, if the undecryptable message was a megolm session, then
+the client can send an
+[`m.room_key_request`](https://matrix.org/docs/spec/client_server/r0.4.0.html#m-room-key-request)
+message to request that the sender re-send the key.
+
+The spec currently says, "If a client has multiple sessions established with
+another device, it should use the session from which it last received a
+message." (the last paragraph of the [`m.olm.v1.curve25519-aes-sha2`
+section](https://matrix.org/docs/spec/client_server/r0.4.0.html#m-olm-v1-curve25519-aes-sha2)).
+When comparing the time of the last received message for each session, the
+client should consider only consider messages that were successfully decrypted,
+and for sessions that have never received a message, it should use the creation
+time of the session.  The spec will be changed to read:
+
+> If a client has multiple sessions established with another device, it should
+> use the session from which it last received and successfully decrypted a
+> message.  For these purposes, a session that has not received any messages
+> should use its creation time as the time that it last received a message.
+
+## Tradeoffs
+
+## Potential issues
+
+## Security considerations
+
+An attacker could use this to create a new session on a device that they are
+able to read. However, this would require the attacker to have compromised the
+device's keys.
+
+## Conclusion
+
+This proposal outlines how wedged olm sessions can be replaced by a new
+session.