Open ara4n opened 7 years ago
there appears to be a 24h grace period after which perspectives servers start trusting the new key.
I'm not really sure where the 24h idea comes from. AFAIK you can basically start using a new key immediately.
MSC1228 stops referring to a lot of things by human-readable names as their main identifier, will that happen for homeservers too? Currently a homeserver's main identifier is their server_name, but they also have a signing key which could be used as the main identifier, which would solve this.
[edited by @richvdh to remove inaccurate/outdated text]
Currently, if your HS's signing keys change (due to deleting them, or pointing your DNS at a different HS - e.g. after a domain name is recycled or something more nefarious), there appears to be a 24h grace period after which perspectives servers start trusting the new key.
Per the security considerations in the S2S spec:
We need to find a proper solution to let folks legitimately recycle domain names or change signing keys, without risk of hijacking the existing accounts of users.
@VShell just voiced a proposal in #matrix-dev:
alternatively, presumably this could also be handled with much smarter semantics in perspectives for pinning signing keys, revoking them, and generally having a more sophisticated trust model.