New blog post! It's a quick overview over the different keys involved in #matrix 's new cross signing. https://jcg.re/blog/quick-overview-matrix-cross-signing/
@jcgruenhage so where does the msk live? on one device? every device? encrypted in the cloud?
@malte That depends on the specific implementation. The spec does not specify a place where this must be stored, it can be on a single, hardened device, at least in theory. Right now, only riot-web implements this fully, so practically you can only do what riot-web does, which is storing an encrypted copy on the matrix homeserver, decrypting it when needed.
@jcgruenhage this rocks :) it's a bit confusing to call the self-signing key a 'Device Signing Key' (DSK) rather than 'Self Signing Key' (SSK) though - as it sounds a bit like you'd use it to sign others' devices rather than your own?
@matrix Right, messed up the wording there, sorry. I should have checked that again, will fix it ^^
chaos.social – a Fediverse instance for & by the Chaos community