Open matrixbot opened 8 years ago
Add a way for home-server operators to promise in the /key responses that they won't lose the private keys for their HS.
Then other HSes that have observed that key won't accept a different key for that domain, giving stronger guarantees against MITM attacks.
Something like https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning
(Imported from https://matrix.org/jira/browse/SPEC-329)
(Reported by @NegativeMjark)
Jira watchers: @NegativeMjark
Is this superceded?
I don't think it is superceded; it is an idea that might help with https://github.com/matrix-org/matrix-spec/issues/234.
Add a way for home-server operators to promise in the /key responses that they won't lose the private keys for their HS.
Then other HSes that have observed that key won't accept a different key for that domain, giving stronger guarantees against MITM attacks.
Something like https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning
(Imported from https://matrix.org/jira/browse/SPEC-329)
(Reported by @NegativeMjark)