changelog.d/5374.feature · 8e0cee90d291790a088fb88e4120f84bf3420a65 · Maunium / synapse

5 years ago

Stop hardcoding trust of old matrix.org key (#5374) · 9fbb20a5

Richard van der Hoff authored 5 years ago

There are a few changes going on here:

* We make checking the signature on a key server response optional: if no
  verify_keys are specified, we trust to TLS to validate the connection.

* We change the default config so that it does not require responses to be
  signed by the old key.

* We replace the old 'perspectives' config with 'trusted_key_servers', which
  is also formatted slightly differently.

* We emit a warning to the logs every time we trust a key server response
  signed by the old key.

Unverified

9fbb20a5

History

Stop hardcoding trust of old matrix.org key (#5374)

Richard van der Hoff authored 5 years ago

There are a few changes going on here:

* We make checking the signature on a key server response optional: if no
  verify_keys are specified, we trust to TLS to validate the connection.

* We change the default config so that it does not require responses to be
  signed by the old key.

* We replace the old 'perspectives' config with 'trusted_key_servers', which
  is also formatted slightly differently.

* We emit a warning to the logs every time we trust a key server response
  signed by the old key.