You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Issue
As per discussion with the Matrix.org security team, notary responses are only signed for compatibility with very old versions of Synapse.
This is superfluous as the TLS connection already authenticates the response.
Notably, for backwards compatibility matrix.org still signs these responses with their old ed25519:auto key, even though it's marked as expired.
afaik, Conduit and Dendrite don't implement these key query routes at all
The text was updated successfully, but these errors were encountered:
Link to problem area: https://spec.matrix.org/v1.11/server-server-api/#querying-keys-through-another-server
Issue
As per discussion with the Matrix.org security team, notary responses are only signed for compatibility with very old versions of Synapse.
This is superfluous as the TLS connection already authenticates the response.
Notably, for backwards compatibility matrix.org still signs these responses with their old
ed25519:auto
key, even though it's marked as expired.afaik, Conduit and Dendrite don't implement these key query routes at all
The text was updated successfully, but these errors were encountered: