From 8c4a11a92d2eac501e06659dff062d84d5c855ec Mon Sep 17 00:00:00 2001
From: Mark Haines <mjark@negativecurvature.net>
Date: Fri, 21 Oct 2016 15:13:20 +0100
Subject: Document the potential for message replays and possible mitigations

---
 docs/megolm.rst | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'docs')

diff --git a/docs/megolm.rst b/docs/megolm.rst
index 4929349..56e5f1d 100644
--- a/docs/megolm.rst
+++ b/docs/megolm.rst
@@ -274,6 +274,16 @@ bytes preceding the signature.
 Limitations
 -----------
 
+Message Replays
+---------------
+
+A message can be decrypted successfully multiple times. This means that a MITM
+server can send multiple copies of a message and they will successfully decrypt.
+
+To mitigate this it is recomendend that applications track the message indicies
+they have recieved and that they reject messages with indicies that they've
+already decrypted.
+
 Lack of Transcript Consistency
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-- 
cgit v1.2.3