device key validation needed #219
Labels
A-Client-Server
Issues affecting the CS API
feature
Suggestion for a significant extension which needs considerable consideration
The e2e spec says:
'The Matrix protocol provides a basic mechanism for exchange of public keys, though an out-of-band channel is required to exchange fingerprints between users to build a web of trust.'
Unfortunately, though, we don't have any mechanism for monitoring or building a web of trust at the moment, so the whole device key system provides nothing - it could all be subverted by a bad HS that decided to generate its own device keys instead of passing on the keys from a real device.
Some thoughts:
a) A mechanism for HS to be able to provide device-keys to anyone who asked so that a device owner could poke other HSs to see if his device-keys are being correctly propagated.
b) Clients could upload device-IDs/public device keys to a decentralised list so people could monitor for bad keys.
c) A message type to sign a device key with another device key (i.e. 'you trust I own this device, I've just got another')
d) A message type to sign a device key with an external mechanism (e.g. sign a key with a gpg key).
e) A mechanism to allow users to cross-sign each other's device keys when they physically meet (neat idea: NFC handshake somehow?)
Dave
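Added example, not part of the original issue or of any Matrix code base: a sketch of the check that idea (a) would make possible, where a device owner compares the keys held on the device with what several homeservers report for it. The response shape (a `device_keys` map of user ID to device ID to key object) is an assumption, and every identifier, server name and key value is constructed.

```python
USER, DEVICE = "@alice:example.org", "JLAFKJWSCS"  # constructed identifiers

# Public keys as held by the device itself (constructed placeholder values).
LOCAL_KEYS = {
    f"ed25519:{DEVICE}": "CONSTRUCTED-ed25519-public-key",
    f"curve25519:{DEVICE}": "CONSTRUCTED-curve25519-public-key",
}

def response(keys):
    """Build a constructed key-query response body for one device."""
    return {"device_keys": {USER: {DEVICE: {
        "user_id": USER, "device_id": DEVICE, "keys": keys}}}}

# Constructed views from three homeservers: honest, substituting, and silent.
RESPONSES = {
    "hs-honest.example": response(dict(LOCAL_KEYS)),
    "hs-bad.example": response({**LOCAL_KEYS,
                                f"ed25519:{DEVICE}": "CONSTRUCTED-other-key"}),
    "hs-silent.example": {"device_keys": {USER: {}}},
}

def check_propagation(user_id, device_id, local_keys, responses):
    """Map each homeserver to a list of discrepancies (empty list = consistent)."""
    findings = {}
    for hs, body in responses.items():
        device = body.get("device_keys", {}).get(user_id, {}).get(device_id)
        if device is None:
            findings[hs] = ["device not listed"]
            continue
        problems = []
        if (device.get("user_id"), device.get("device_id")) != (user_id, device_id):
            problems.append("identity fields do not match the queried device")
        served = device.get("keys", {})
        for key_id, expected in local_keys.items():
            if key_id not in served:
                problems.append(f"{key_id} missing")
            elif served[key_id] != expected:
                problems.append(f"{key_id} differs from the device's own key")
        for key_id in sorted(served.keys() - local_keys.keys()):
            problems.append(f"{key_id} not published by the device")
        findings[hs] = problems
    return findings

if __name__ == "__main__":
    for hs, problems in check_propagation(USER, DEVICE, LOCAL_KEYS, RESPONSES).items():
        print(hs, "OK" if not problems else problems)
```

A comparison like this only covers what each homeserver chooses to return to the party asking, so a consistent result is evidence of correct propagation to that vantage point, not to every other user.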