This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
[e2e] Web-of-trust type of verification process for verifying keys in a group. #662
Comments
arthurlutz
changed the title
|
I don't quite like this idea. It simplifies mapping out who someone interacts with by seeing if the keys are trusted. It'll leak private metadata for very little possible benefit (most people don't correctly trust keys in the first place, even more technical users, I have never been able to trust the web of trust for GPG keys either). |
|
@TheLastProject Is there any other solution to scaling verification? N^2 verifications makes any E2EE room with more than 5 members basically unusable. There any many circumstances when you wouldn't want everyone to verify everyone. Web-of-trust is fairly reliable in workplace/small-community environments. It only makes sense that I would be able to trust my boss's verifications. He's running the room after all, it's his ass if the E2EE is voided by improper verification. |
|
The very least this approach could provide a way to have a little more trust in fellow room members than them being totally unverified(!1! red text color) like right now. |
This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
Related to matrix-org/matrix-spec-proposals#3656 a more "web-of-trust" could be an option too : verify/trust all devices trusted by user X or by all existing users in the room with a display of number of users that trust a given key.
The text was updated successfully, but these errors were encountered: