34 lines
919 B
Plaintext
34 lines
919 B
Plaintext
---
|
|
summary: Add a certificate pinning mechanism to the federation key APIs
|
|
---
|
|
created: 2016-01-19 18:12:48.0
|
|
creator: markjh
|
|
description: |-
|
|
Add a way for home-server operators to promise in the /key responses that they won't lose the private keys for their HS.
|
|
|
|
Then other HSes that have observed that key won't accept a different key for that domain, giving stronger guarantees against MITM attacks.
|
|
|
|
Something like https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning
|
|
id: '12319'
|
|
key: SPEC-329
|
|
number: '329'
|
|
priority: '2'
|
|
project: '10001'
|
|
reporter: markjh
|
|
status: '10100'
|
|
type: '1'
|
|
updated: 2016-10-28 16:28:11.0
|
|
votes: '0'
|
|
watches: '2'
|
|
workflowId: '12424'
|
|
---
|
|
actions:
|
|
- author: richvdh
|
|
body: 'Migrated to github: https://github.com/matrix-org/matrix-doc/issues/619'
|
|
created: 2016-10-28 16:28:11.0
|
|
id: '13427'
|
|
issue: '12319'
|
|
type: comment
|
|
updateauthor: richvdh
|
|
updated: 2016-10-28 16:28:11.0
|