[Members] Looking at the Matrix e2e specs...

Winfried Tilanus winfried at tilanus.com
Mon Jan 13 16:11:36 UTC 2020


On 10-01-2020 16:32, Dave Cridland wrote:

Hi,

> Those are the "prekeys" (similar to client init keys in MLS), which need
> to be published to somewhere other people can find them. For Matrix,
> that's a service on the homeserver, for us it'd be PEP or some other
> service on the user's bare jid.

Diving deeper into the protocols: these keys in Matrix are not the
prekeys (like the keys OMEMO pushes to the server) but the device
identity keys...

Winfried


> 
> In either case, it's not a centralized service.
> 
> On Fri, 10 Jan 2020 at 15:17, Winfried Tilanus <winfried at tilanus.com>
> wrote:
> 
>     Hi,
> 
>     Am I missing something while reading the Matrix e2e spec or does it rely
>     on the Matrix server for distributing the public keys:
> 
>     <quote>
>     Creating and registering device keys
> 
>     This process only happens once, when a device first starts.
> 
>     It must create the Ed25519 fingerprint key pair and the Curve25519
>     identity key pair. This is done by calling olm_create_account in libolm.
>     The (base64-encoded) keys are retrieved by calling
>     olm_account_identity_keys. The account should be stored for future use.
> 
>     It should then publish these keys to the homeserver, which is done by
>     using the device_keys property of the /keys/upload endpoint.
> 
>     In order to sign the device_keys payload as described in Signing JSON,
>     clients should call olm_account_sign.
>     </quote>
> 
>     And does it combine that with leap of faith verification of the key
>     fingerprint by default?
> 
>     (last line of "Downloading the device list for users in the room"):
>     <quote>
>     Otherwise the client stores the information about this device.
>     </quote>
> 
>     If anybody knows more about this, please let me know!
> 
>     thanks,
> 
>     Winfried
> 


-- 
privacy strategist & privacy architect
+31.6.23303960
https://www.tilanus.com/
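
Added example, not part of the original message and not Matrix or libolm code: a client-side check of one device entry fetched from the homeserver, assuming the client verifies the device's self-signature and pins the first Ed25519 key it sees (the leap of faith asked about above). `checkDevice`, `makeDevice`, the result strings and the sample user and device IDs are constructed for illustration.

```javascript
const crypto = require('crypto');

const SPKI = Buffer.from('302a300506032b6570032100', 'hex'); // DER prefix of an Ed25519 SPKI
const b64 = buf => buf.toString('base64').replace(/=+$/, ''); // Matrix uses unpadded base64

// Canonical JSON for signing: keys sorted, no whitespace (ASCII keys assumed here).
function canonical(v) {
  if (Array.isArray(v)) return '[' + v.map(canonical).join(',') + ']';
  if (v && typeof v === 'object')
    return '{' + Object.keys(v).sort()
      .map(k => JSON.stringify(k) + ':' + canonical(v[k])).join(',') + '}';
  return JSON.stringify(v);
}

// Bytes that get signed: the object without "signatures" and "unsigned".
function signingInput(dev) {
  const { signatures, unsigned, ...rest } = dev;
  return Buffer.from(canonical(rest));
}

// Client-side check of one device entry as returned by the homeserver.
// pins: Map "user|device" -> first Ed25519 key seen (the leap of faith).
function checkDevice(pins, userId, deviceId, dev) {
  if (dev.user_id !== userId || dev.device_id !== deviceId) return 'id-mismatch';
  const ed = dev.keys && dev.keys['ed25519:' + deviceId];
  const sig = ((dev.signatures || {})[userId] || {})['ed25519:' + deviceId];
  if (typeof ed !== 'string' || typeof sig !== 'string') return 'bad-signature';
  const raw = Buffer.from(ed, 'base64');
  if (raw.length !== 32) return 'bad-signature';
  const pub = crypto.createPublicKey({ key: Buffer.concat([SPKI, raw]), format: 'der', type: 'spki' });
  if (!crypto.verify(null, signingInput(dev), pub, Buffer.from(sig, 'base64'))) return 'bad-signature';
  const id = userId + '|' + deviceId;
  if (!pins.has(id)) { pins.set(id, ed); return 'stored'; } // first sight: accepted unverified
  return pins.get(id) === ed ? 'unchanged' : 'key-changed';
}

// Constructed sample data: a freshly generated, self-signed device entry.
function makeDevice(userId, deviceId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const dev = { user_id: userId, device_id: deviceId,
    algorithms: ['m.olm.v1.curve25519-aes-sha2', 'm.megolm.v1.aes-sha2'],
    keys: { ['curve25519:' + deviceId]: b64(crypto.randomBytes(32)), // stand-in value
            ['ed25519:' + deviceId]: b64(publicKey.export({ format: 'der', type: 'spki' }).subarray(12)) } };
  dev.signatures = { [userId]: { ['ed25519:' + deviceId]: b64(crypto.sign(null, signingInput(dev), privateKey)) } };
  return dev;
}
```

The self-signature only proves the entry was signed by the key it contains, so a client with an empty pin store returns 'stored' for any validly self-signed entry the server hands it. Pinning detects a later key change; binding the key to the person still needs an out-of-band fingerprint comparison.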

