Clarify how we now expect verification to be done

pull/977/head
Travis Ralston 6 years ago
parent d49c7fb3b0
commit 3877896a4c

@ -384,20 +384,10 @@ man-in-the-middle. This verification process requires an out-of-band channel:
there is no way to do it within Matrix without trusting the administrators of there is no way to do it within Matrix without trusting the administrators of
the homeservers. the homeservers.
In Matrix, the basic process for device verification is for Alice to verify In Matrix, verification works by Alice meeting Bob in person, or contact him
that the public Ed25519 signing key she received via ``/keys/query`` for Bob's via some other trusted medium, and use `SAS Verification`_ to interactively
device corresponds to the private key in use by Bob's device. For now, it is verify Bob's devices. Alice and Bob may also read aloud their unpadded base64
recommended that clients provide mechanisms by which the user can see: encoded Ed25519 public key, as returned by ``/keys/query``.
1. The public part of their device's Ed25519 signing key, encoded using
`unpadded Base64`_.
2. The list of devices in use for each user in a room, along with the public
Ed25519 signing key for each device, again encoded using unpadded Base64.
Alice can then meet Bob in person, or contact him via some other trusted
medium, and use `SAS Verification`_ or ask him to read out the Ed25519 key
shown on his device, comparing it to the one shown on Alice's device.
Device verification may reach one of several conclusions. For example: Device verification may reach one of several conclusions. For example:

Loading…
Cancel
Save