Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Add docs for an empty trusted_key_servers config option #13999

Merged
merged 4 commits into from
Oct 28, 2022
Merged

Add docs for an empty trusted_key_servers config option #13999

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
bd223e6
Add docs for an empty `trusted_key_servers` config option
dklimpel Sep 30, 2022
97a6171
small rewording
dklimpel Oct 6, 2022
ba0685d
Merge branch 'develop' into key_server_doc
dklimpel Oct 14, 2022
b5efb5b
Tweak changelog
DMRobertson Oct 28, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions changelog.d/13999.doc
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Add documentation for using an empty `trusted_key_servers` config option.
DMRobertson marked this conversation as resolved.
Show resolved Hide resolved
6 changes: 6 additions & 0 deletions docs/usage/configuration/config_documentation.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2655,6 +2655,12 @@ is still supported for backwards-compatibility, but it is deprecated.
warning on start-up. To suppress this warning, set
`suppress_key_server_warning` to true.

If the use of a trusted key server has to be deactivated, e.g. in a private
federation or for privacy reasons, this can be realised by setting
an empty array (`trusted_key_servers: []`). Then Synapse will request the keys
directly from the communication partner. If Synapse does not get keys directly
from the communication partner, the events of the other server will be rejected.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think "communication partner" is a bit unclear here. I can assume you mean the keys will be fetched directly from the servers owning them, but I think that's a bit unclear to someone who's less familiar with Synapse.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, what is a better wording? "federation partner", "server that owns the keys"? Other suggestions?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes I think "server that owns the keys" is clearer.


Options for each entry in the list include:
* `server_name`: the name of the server. Required.
* `verify_keys`: an optional map from key id to base64-encoded public key.
Expand Down