[Members] Looking at the Matrix e2e specs...

Dave Cridland dave at cridland.net
Fri Jan 10 15:32:23 UTC 2020


Those are the "prekeys" (similar to client init keys in MLS), which need to
be published to somewhere other people can find them. For Matrix, that's a
service on the homeserver; for us it'd be PEP or some other service on the
user's bare JID.

In either case, it's not a centralized service.

On Fri, 10 Jan 2020 at 15:17, Winfried Tilanus <winfried at tilanus.com> wrote:

> Hi,
>
> Am I missing something while reading the Matrix e2e spec or does it rely
> on the Matrix server for distributing the public keys:
>
> <quote>
> Creating and registering device keys
>
> This process only happens once, when a device first starts.
>
> It must create the Ed25519 fingerprint key pair and the Curve25519
> identity key pair. This is done by calling olm_create_account in libolm.
> The (base64-encoded) keys are retrieved by calling
> olm_account_identity_keys. The account should be stored for future use.
>
> It should then publish these keys to the homeserver, which is done by
> using the device_keys property of the /keys/upload endpoint.
>
> In order to sign the device_keys payload as described in Signing JSON,
> clients should call olm_account_sign.
> </quote>
>
> And does it combine that with leap of faith verification of the key
> fingerprint by default?
>
> (last line of "Downloading the device list for users in the room"):
> <quote>
> Otherwise the client stores the information about this device.
> </quote>
>
> If anybody knows more about this, please let me know!
>
> thanks,
>
> Winfried
>
>
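
The leap-of-faith handling asked about above, as an added example that is not part of the thread, the Matrix spec or libolm: a client pins each device's Ed25519 fingerprint key the first time the server hands it over and refuses a different key later. The pin store, function names and sample values are hypothetical and constructed; it assumes the signature on each device_keys payload has already been verified.

```python
# Added illustration: trust-on-first-use (TOFU) pinning of device fingerprint keys.
# Assumption: the Ed25519 signature on each payload was already verified elsewhere.

class DeviceKeyStore:
    """Hypothetical local pin store: (user_id, device_id) -> Ed25519 fingerprint key."""

    def __init__(self):
        self.pins = {}

    def process(self, user_id, device_id, payload):
        """Return 'pinned', 'unchanged', 'mismatch' or 'key-changed' for one device."""
        # The server chose the map keys; the signed payload must agree with them.
        if payload.get("user_id") != user_id or payload.get("device_id") != device_id:
            return "mismatch"
        fingerprint = payload.get("keys", {}).get("ed25519:" + device_id)
        if not fingerprint:
            return "mismatch"
        known = self.pins.get((user_id, device_id))
        if known is None:
            # Leap of faith: nothing to compare against, so the first key seen wins.
            self.pins[(user_id, device_id)] = fingerprint
            return "pinned"
        # After the first sighting, a different key for the same device is refused.
        return "unchanged" if known == fingerprint else "key-changed"


def process_device_list(store, device_keys):
    """Apply the store to a whole downloaded device list; returns per-device results."""
    results = {}
    for user_id, devices in device_keys.items():
        for device_id, payload in devices.items():
            results[(user_id, device_id)] = store.process(user_id, device_id, payload)
    return results


def make_payload(user_id, device_id, ed25519_key):
    """Build a constructed device_keys payload (key values are placeholders)."""
    return {"user_id": user_id, "device_id": device_id,
            "keys": {"ed25519:" + device_id: ed25519_key,
                     "curve25519:" + device_id: "CONSTRUCTED_CURVE_KEY"}}


if __name__ == "__main__":
    store = DeviceKeyStore()
    alice = "@alice:example.org"  # constructed user and device identifiers
    print(process_device_list(store, {alice: {"DEVA": make_payload(alice, "DEVA", "KEY_ONE")}}))
    print(process_device_list(store, {alice: {"DEVA": make_payload(alice, "DEVA", "KEY_TWO")}}))
```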