wholetrans/docs-matrix-spec
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #2951 from uhoreg/cross-signing-msc-clarifications

Browse source 
clarifications to cross-signing MSC
This commit is contained in:
Hubert Chathi 2021-01-08 19:47:33 -05:00 committed by GitHub
commit 2b32508964
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
proposals/1756-cross-signing.md
View file

@ -528,7 +528,7 @@ look like:
If Bob replaces his Dynabook without re-verifying with Alice, this will split
the graph and Alice will not be able to verify Bob's other devices. In
contrast, in this proposal, Alice and Bob sign each other's self-signing key
contrast, in this proposal, Alice and Bob sign each other's master keys
with their user-signing keys, and the attestation graph would look like:
![](images/1756-graph2.dot.png)
@ -543,7 +543,9 @@ devices, as there may be stale attestations and revocations lingering around.
the signature created previously by the device making the attestation, or
whether it should be a statement that the device should not be trusted at all.)
In contrast, with this proposal, if a device is stolen, then only the
user-signing key must be re-issued.
keys for which the device had access to the private keys must be re-issued,
along with any associated signatures. When the new keys are distributed, the
old keys and their signatures will no longer be part of the attestation graph.
## Security considerations