matrix-org / matrix-spec

The Matrix protocol specification
Apache License 2.0

`key/v2/server` response contains absolute timestamps, which are vulnerable to clock drift #1450

Open DMRobertson opened 1 year ago

DMRobertson commented 1 year ago

Link to problem area: https://spec.matrix.org/v1.6/server-server-api/#get_matrixkeyv2server

Issue: The `valid_until_ms` field is an absolute timestamp. If your homeserver's clock is out of sync with the other homeserver's clock, your homeserver may consider the `verify_keys` to have already expired, if the `valid_until_ms` timestamp is in the past according to your clock.

This is relatively minor and unlikely to cause pain in practice, because I expect:

Expected behaviour: New version of the endpoint that returns a duration (effectively a TTL) field instead of the `valid_until_ms` field.

MTRNord commented 1 year ago

Hm, would a duration change the issue though? You would still need a valid clock time to figure out when that ttl/duration ends. Or am I misunderstanding where/how this duration is meant to be calculated?

turt2live commented 1 year ago

A duration also can't be signed by other servers (if your server happens to be down, your server can try to get the keys from elsewhere)
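
An added illustration of the trade-off discussed in this thread (not part of any comment, the spec, or any homeserver's code): it compares an absolute `valid_until_ms` check against a TTL anchored at the receiver's own fetch time, under receiver clock skew and for a copy obtained later from another server. The function names, the offsets and lifetimes, and the `relay_delay_ms` parameter are constructed assumptions.

```python
# Added example: a toy model, not Matrix spec text or homeserver code.
# All times are milliseconds; "true" time is a reference that no server sees.

HOUR_MS = 3_600_000


def valid_absolute(valid_until_ms: int, local_now_ms: int) -> bool:
    """Absolute scheme: compare the origin's timestamp to our own wall clock."""
    return local_now_ms < valid_until_ms


def valid_ttl(ttl_ms: int, fetched_at_local_ms: int, local_now_ms: int) -> bool:
    """Duration scheme: expiry is measured from the receiver's own fetch time."""
    return local_now_ms - fetched_at_local_ms < ttl_ms


def simulate(receiver_offset_ms: int, lifetime_ms: int = 24 * HOUR_MS,
             relay_delay_ms: int = 0) -> dict:
    """Origin (accurate clock) publishes keys at true time 0.

    receiver_offset_ms: how far the receiver's wall clock is ahead of true time.
    relay_delay_ms: hypothetical age of the copy when the receiver obtains it,
    e.g. because it came from another server. A bare TTL carries no such age.
    """
    valid_until_ms = 0 + lifetime_ms          # what the origin would publish
    fetch_true_ms = relay_delay_ms            # true time of the receiver's fetch
    fetched_local_ms = fetch_true_ms + receiver_offset_ms
    check_local_ms = fetched_local_ms + 1000  # receiver checks 1 s after fetching
    return {
        "absolute_ok": valid_absolute(valid_until_ms, check_local_ms),
        "ttl_ok": valid_ttl(lifetime_ms, fetched_local_ms, check_local_ms),
        # True time at which the receiver stops trusting the keys, per scheme.
        "absolute_expiry_true_ms": valid_until_ms - receiver_offset_ms,
        "ttl_expiry_true_ms": fetch_true_ms + lifetime_ms,
    }


if __name__ == "__main__":
    # Receiver clock 25 h ahead: absolute check fails at once, TTL check passes.
    print(simulate(receiver_offset_ms=25 * HOUR_MS))
    # Accurate receiver, copy already 23 h old: TTL stretches trust to 47 h.
    print(simulate(receiver_offset_ms=0, relay_delay_ms=23 * HOUR_MS))
```

In this model the receiver's constant clock offset cancels out of the TTL check, while a TTL that is passed along without its issue time restarts the full lifetime at each fetch.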