make it possible to use different signing keys for the notary server and signing events #5351

richvdh · 2019-06-05T09:23:54Z

No description provided.

richvdh · 2019-06-06T12:21:52Z

We should probably actually sign notary responses with two keys: the old, compromised key, for compatibility with those who still rely on it, and a new key, who want belt-and-braces security above TLS.

richvdh · 2019-06-27T10:58:31Z

This is a thing that we originally wanted to do for v1.0 but ended up having to descope. It's still a security-related thing that we should do asap imho.

richvdh added the Synapse v1.0 label Jun 5, 2019

neilisfragile removed the Synapse v1.0 label Jun 6, 2019

richvdh mentioned this issue Jun 6, 2019

remove hardcoded signing key for notary server #5350

Closed

neilisfragile added z-p2 (Deprecated Label) security labels Jun 10, 2019

richvdh mentioned this issue Jun 27, 2019

we should rotate the event-signing key for matrix.org #5573

Closed

erikjohnston self-assigned this Aug 16, 2019

erikjohnston mentioned this issue Aug 21, 2019

Add config option to sign remote key query responses with a separate key. #5895

Merged

erikjohnston closed this as completed Aug 28, 2019

callahad added the Security label Jan 21, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

make it possible to use different signing keys for the notary server and signing events #5351

make it possible to use different signing keys for the notary server and signing events #5351

richvdh commented Jun 5, 2019

richvdh commented Jun 6, 2019

richvdh commented Jun 27, 2019

make it possible to use different signing keys for the notary server and signing events #5351

make it possible to use different signing keys for the notary server and signing events #5351

Comments

richvdh commented Jun 5, 2019

richvdh commented Jun 6, 2019

richvdh commented Jun 27, 2019