Element-web: [e2e] Web-of-trust type of verification process for verifying keys in a group.
Related to #3656 a more "web-of-trust" could be an option too : verify/trust all devices trusted by user X or by all existing users in the room with a display of number of users that trust a given key.
arthurlutz
All 3 comments
I don't quite like this idea. It simplifies mapping out who someone interacts with by seeing if the keys are trusted. It'll leak private metadata for very little possible benefit (most people don't correctly trust keys in the first place, even more technical users, I have never been able to trust the web of trust for GPG keys either).
TheLastProject
on 5 Nov 2017
uhoreg
on 27 Sep 2019
@TheLastProject Is there any other solution to scaling verification?
N^2 verifications makes any E2EE room with more than 5 members basically unusable. There any many circumstances when you wouldn't want everyone to verify everyone.
Web-of-trust is fairly reliable in workplace/small-community environments. It only makes sense that I would be able to trust my boss's verifications. He's running the room after all, it's his ass if the E2EE is voided by improper verification.
hugecheese
on 14 Oct 2019
Related issues
ara4n
·
3Comments
bagage
·
3Comments
lukebarnard1
·
3Comments
niedzielski
·
3Comments
anoadragon453
·
3Comments
Most helpful comment
@TheLastProject Is there any other solution to scaling verification?
N^2 verifications makes any E2EE room with more than 5 members basically unusable. There any many circumstances when you wouldn't want everyone to verify everyone.
Web-of-trust is fairly reliable in workplace/small-community environments. It only makes sense that I would be able to trust my boss's verifications. He's running the room after all, it's his ass if the E2EE is voided by improper verification.