[e2e] Web-of-trust type of verification process for verifying keys in a group. #663
Replies: 4 comments
-
I don't quite like this idea. It simplifies mapping out who someone interacts with by seeing if the keys are trusted. It'll leak private metadata for very little possible benefit (most people don't correctly trust keys in the first place, even more technical users, I have never been able to trust the web of trust for GPG keys either).
-
see also https://github.com/matrix-org/matrix-doc/issues/1886
-
@TheLastProject Is there any other solution to scaling verification? N^2 verifications makes any E2EE room with more than 5 members basically unusable. There are many circumstances when you wouldn't want everyone to verify everyone. Web-of-trust is fairly reliable in workplace/small-community environments. It only makes sense that I would be able to trust my boss's verifications. He's running the room after all, it's his ass if the E2EE is voided by improper verification.
-
At the very least, this approach could provide a way to have a little more trust in fellow room members than them being totally unverified(!1! red text color) like right now.
-
Related to matrix-org/matrix-spec-proposals#3656, a more "web-of-trust" approach could be an option too: verify/trust all devices trusted by user X or by all existing users in the room, with a display of the number of users that trust a given key.