New blog post! It's a quick overview over the different keys involved in 's new cross signing.

@jcgruenhage so where does the msk live? on one device? every device? encrypted in the cloud?

@malte That depends on the specific implementation. The spec does not specify a place where this must be stored, it can be on a single, hardened device, at least in theory. Right now, only riot-web implements this fully, so practically you can only do what riot-web does, which is storing an encrypted copy on the matrix homeserver, decrypting it when needed.

@jcgruenhage this rocks :) it's a bit confusing to call the self-signing key a 'Device Signing Key' (DSK) rather than 'Self Signing Key' (SSK) though - as it sounds a bit like you'd use it to sign others' devices rather than your own?

@matrix Right, messed up the wording there, sorry. I should have checked that again, will fix it ^^

Sign in to participate in the conversation – a Fediverse instance for & by the Chaos community