Synapse trusted_key_servers: which ones?

Recent Synapse versions have been advertising the trusted_key_servers setting:

Synapse requires that a list of trusted key servers are specified in order to
provide signing keys for other servers in the federation.

This homeserver does not have a trusted key server configured in
homeserver.yaml and will fall back to the default of ‘matrix.org’.

Trusted key servers should be long-lived and stable which makes matrix.org a
good choice for many admins, but some admins may wish to choose another. To
suppress this warning, the admin should set ‘trusted_key_servers’ in
homeserver.yaml to their desired key server and ‘suppress_key_server_warning’
to ‘true’.

In a future release the software-defined default will be removed entirely and
the trusted key server will be defined exclusively by the value of
‘trusted_key_servers’.

Since Librehosters may want to trust the same key servers, I was wondering whether everyone is using the default (matrix.org) or something else.
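For reference, this is what the setting the warning refers to looks like in homeserver.yaml. It is an added example, not part of the original post and not taken from the Synapse project; the second server name and the key id/value are placeholders.

```yaml
# Added example (not from the original post): trusted_key_servers in homeserver.yaml.
# Each entry is a server Synapse will ask for other homeservers' signing keys,
# so every entry is a party whose answers you accept when verifying federation
# traffic. Keep the list short and deliberate.

trusted_key_servers:
  # matrix.org is the software default referred to in the warning.
  - server_name: "matrix.org"

  # A second key server (placeholder name), pinned to its own signing key.
  # Without verify_keys Synapse has nothing local to check the fetched key
  # against and must trust whatever the server first returns. Replace the
  # placeholder id and base64 value with the real ones published at
  # https://<server>/_matrix/key/v2/server.
  - server_name: "keys.example.org"
    verify_keys:
      "ed25519:PLACEHOLDER_KEY_ID": "PLACEHOLDER_BASE64_PUBLIC_KEY"

# Silence the start-up warning once the list above has been set on purpose.
suppress_key_server_warning: true
```

The security-relevant choice is the verify_keys pin: with it, a key server that later starts returning wrong keys fails verification instead of being believed, so whatever servers the collective settles on, it is worth recording their key ids and public keys alongside the server names.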

I am actually using privacytools.io and matrix.org as trusted key servers.


Just learned that matrix.org is considered, to Matrix, what Gmail is to mail. It may be an unfair comparison, but it does keep more metadata than privacy-concerned hosters would like.
Do we take privacy as a concern or only free software? Maybe an item for next meeting?


What are the requirements for us to trust a key server?

There are also other places in the configuration in which we express trust in a third-party authority:

cat homeserver.yaml | yq '.trusted_third_party_id_servers'
[
  "matrix.org",
  "vector.im"
]

And less of a concern, but still an expression of proximity and trust:

curl -sL element.allmende.io/config.json | jq '.roomDirectory'
{
  "servers": [
    "matrix.allmende.io",
    "matrix.org",
    "chat.weho.st",
    "tomesh.net",
    "disroot.org",
    "systemausfall.org",
    "tchncs.de",
    "matrix.tedomum.net",
    "feneas.org"
  ]
}

Which other trusted key servers, besides privacytools.io, would you suggest? Maybe the same ones that we allow as remote room directories?