matrix
/
matrix-doc
mirror of https://github.com/matrix-org/matrix-doc.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
matrix-doc/proposals/1929-admin-contact.md

59 lines
2.3 KiB
Markdown
Raw Permalink Blame History

# MSC 1929 Homeserver Admin Contact and Support page
Currently, contacting a homeserver admin is difficult because you need to have insider knowledge
of who the admin actually is. This proposal aims to fix that by specifying a way to add contact details
of admins, as well as a link to a support page for users who are having issues with the service.
This proposal aims to fix https://github.com/matrix-org/matrix-doc/issues/484
## Proposal
The proposal suggests adding a new endpoint: `.well-known/matrix/support`.
The file would contain:
```javascript
{
admins: [{
mxid: "@admin:domain.tld",
email: "admin@domain.tld",
role: "admin" # If omitted, the default will be "admin"
},
{
email: "security@domain.tld",
role: "security"
}],
support_page: "https://domain.tld/support.html"
}
```
The `mxid` and `email` do NOT need to have the same domain as the homeserver. It is expected that
a server will have a "backup" contact address if the server is down, like an email.
Entries may have a `mxid` OR an `email`, but at least one MUST be specified.
`role` is an informal description of what the address(es) are used for. The only two specified in this
proposal are "admin" and "security." Admins are a catchall user for any queries, where security is intended
for sensitive requests.
`support_page` is a optional property to specify a affiliated page of the homserver to give users help
specific to their installation.
## Alternative solutions
Hardcode a given user localpart that should be used as an admin address.
- The account would need to either internally redirect messages intended for @admin:domain.tld to another account(s)
- OR require an admin to regularly sign into this special account to check for messages. Neither of which is useful.
Specify the same content inside a homeserver endpoint, rather than use `.well-known`.
- This requires the homeserver to be up or responsive, which might be not very useful if trying to report issues with
connectivity.
Use vCards.
- vCards would add bloat, as the vast majority of a vcards contents is not useful for contacting an admin.
## Security considerations
If the host is compromised, any information could be specified in the well known file which may direct users to send
sensitive information to a malicious user.
Reference in New Issue View Git Blame Copy Permalink