Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Fetch keys directly before using trusted key servers #6110

Closed
wants to merge 2 commits into from
Closed

Fetch keys directly before using trusted key servers #6110

wants to merge 2 commits into from

Conversation

erikjohnston
Copy link
Member

Fixes #6086.

@erikjohnston erikjohnston requested a review from a team September 25, 2019 12:29
@richvdh
Copy link
Member

richvdh commented Sep 25, 2019

The thing to note about this, which I meant to write in #6086 but forgot, is that I worry about what it will do for the experience of joining a large room for the first time.

When you join a big room, we have to get hundreds of server keys. Currently that all goes in one big request to matrix.org. If we make it so that we go to the key server first... well, I expect they'll all time out and we'll end up going back to matrix.org anyway (and that failing too, because the cpu is still pinned).

@erikjohnston
Copy link
Member Author

Ah, I guess in which case we should probably test this a bit

richvdh
richvdh reviewed Sep 26, 2019
View reviewed changes
Copy link
Member

@richvdh richvdh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

so the code looks fine, but... I'm unsure this is a good plan.

@army1349
Copy link

army1349 commented Oct 7, 2019

It seems to me that there should be no such thing as trusted key server in federated environment.

@richvdh
Copy link
Member

richvdh commented Oct 7, 2019

we've decided to park this in favour of waiting for MSC1228 (for now, at least)

@richvdh richvdh closed this Oct 7, 2019
@erikjohnston erikjohnston deleted the erikj/fetch_directly_first branch January 9, 2020 15:49
@richvdh richvdh mentioned this pull request Oct 8, 2020
Open
@hex-m
Copy link

hex-m commented Jun 16, 2021

It seems to me that there should be no such thing as trusted key server in federated environment.

Actually the idea would be that there should be multiple. (spec)

It has the advantage of avoiding a single trust-root since each server is free to pick which notary servers they trust and can corroborate the keys returned by a given notary server by querying other servers.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@richvdh richvdh richvdh left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Fetch signing-keys directly from servers before falling back to the trusted_key_servers
4 participants
@erikjohnston @richvdh @army1349 @hex-m