Add a signing-key pinning mechanism to the federation key APIs (SPEC-329) #148

Open
matrixbot opened this issue Jan 19, 2016 · 3 comments
Labels
A-S2S Server-to-Server API (federation) enhancement A suggestion for a relatively simple improvement to the protocol p2

Comments

@matrixbot
Member

Add a way for home-server operators to promise in the /key responses that they won't lose the private keys for their HS.

Then other HSes that have observed that key won't accept a different key for that domain, giving stronger guarantees against MITM attacks.

Something like https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning

(Imported from https://matrix.org/jira/browse/SPEC-329)

(Reported by @NegativeMjark)
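
Added example (not part of the issue thread, and not code or a field from the Matrix specification): a minimal sketch of how a receiving homeserver could enforce the pinning idea described above, modelled on HPKP's max-age. The `pin_max_age_ms` field, the `PinStore` class and the `hs.example` server are hypothetical; `server_name` and `verify_keys` are the existing key-response fields, and the response signature is assumed to have been verified already.

```python
import hashlib

PIN_FIELD = "pin_max_age_ms"  # hypothetical promise field, not in the Matrix spec


def fingerprints(response):
    """SHA-256 fingerprint of each (key id, key) pair in a key response."""
    return {
        hashlib.sha256(f"{kid}:{v['key']}".encode()).hexdigest()
        for kid, v in response["verify_keys"].items()
    }


class PinStore:
    """Remembers pinned signing keys per server name (in memory only)."""
    def __init__(self):
        self._pins = {}  # server_name -> (pinned fingerprints, expiry in ms)

    def check(self, response, now_ms):
        """Return 'accept' or 'reject' for a key response seen at now_ms."""
        name = response["server_name"]
        offered = fingerprints(response)
        pinned, expiry = self._pins.get(name, (set(), 0))
        if now_ms < expiry and not (offered & pinned):
            # Live pin and none of the offered keys match it: possible MITM.
            return "reject"
        max_age = response.get(PIN_FIELD, 0)
        if max_age > 0:
            # The operator promises to keep these keys: pin or refresh the pin.
            self._pins[name] = (offered, now_ms + max_age)
        elif now_ms >= expiry:
            self._pins.pop(name, None)  # pin lapsed and was not renewed
        return "accept"


def resp(key, max_age=0):
    """Build a constructed sample key response for hs.example."""
    r = {"server_name": "hs.example", "verify_keys": {"ed25519:a": {"key": key}}}
    if max_age:
        r[PIN_FIELD] = max_age
    return r


if __name__ == "__main__":
    store = PinStore()
    print(store.check(resp("AAAA", 1000), now_ms=0))   # first sight, pins the key
    print(store.check(resp("BBBB"), now_ms=500))       # different key while pinned
    print(store.check(resp("BBBB"), now_ms=1000))      # pin has expired
```

As with HPKP, an operator who loses the pinned private key is locked out of federation with pinning servers until the pin expires, which is why the promise is opt-in.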

@matrixbot
Member Author

Jira watchers: @NegativeMjark

@matrixbot matrixbot added the p2 label Oct 28, 2016
@matrixbot matrixbot changed the title Add a certificate pinning mechanism to the federation key APIs Add a certificate pinning mechanism to the federation key APIs (SPEC-329) Oct 31, 2016
@matrixbot matrixbot added spec-bug Something which is in the spec, but is wrong enhancement A suggestion for a relatively simple improvement to the protocol and removed spec-bug Something which is in the spec, but is wrong labels Nov 7, 2016
@richvdh
Member

richvdh commented Nov 7, 2016

Is this superseded?

@richvdh
Member

richvdh commented Oct 16, 2017

I don't think it is superseded; it is an idea that might help with #234.

@turt2live turt2live added the A-S2S Server-to-Server API (federation) label Feb 7, 2019
@richvdh richvdh changed the title Add a certificate pinning mechanism to the federation key APIs (SPEC-329) Add a signing-key pinning mechanism to the federation key APIs (SPEC-329) Apr 13, 2021
@richvdh richvdh transferred this issue from matrix-org/matrix-spec-proposals Mar 1, 2022