From 76788843761491a2f6d31befa88775997db676fe Mon Sep 17 00:00:00 2001 From: Hubert Chathi Date: Fri, 8 Jan 2021 17:48:03 -0500 Subject: [PATCH] clarifications to cross-signing MSC --- proposals/1756-cross-signing.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/proposals/1756-cross-signing.md b/proposals/1756-cross-signing.md index de08422a..2ac8f706 100644 --- a/proposals/1756-cross-signing.md +++ b/proposals/1756-cross-signing.md @@ -528,7 +528,7 @@ look like: If Bob replaces his Dynabook without re-verifying with Alice, this will split the graph and Alice will not be able to verify Bob's other devices. In -contrast, in this proposal, Alice and Bob sign each other's self-signing key +contrast, in this proposal, Alice and Bob sign each other's master keys with their user-signing keys, and the attestation graph would look like: ![](images/1756-graph2.dot.png) @@ -543,7 +543,9 @@ devices, as there may be stale attestations and revocations lingering around. the signature created previously by the device making the attestation, or whether it should be a statement that the device should not be trusted at all.) In contrast, with this proposal, if a device is stolen, then only the -user-signing key must be re-issued. +keys for which the device had access to the private keys must be re-issued, +along with any associated signatures. When the new keys are distributed, the +old keys and their signatures will no longer be part of the attestation graph. ## Security considerations