Skip to content

Reject attempts to change the device keys of an existing device #18511

New issue
New issue
Open
#18512
Open
Reject attempts to change the device keys of an existing device#18511
#18512
Labels
A-E2EEA-PerformanceO-OccasionalT-Enhancementgood first issueThis is a fix that might be an easy place for someone to start for their first contribution
@richvdh

Description

@richvdh
richvdh
opened on Jun 4, 2025

Synapse allows clients to change the Ed25519 and Curve25519 keys of an existing device via /keys/upload. I don't think this has a legitimate usecase; indeed matrix-sdk-crypto ignores any attempt to change the Ed25519 key.

And it's not great for performance, especially if you have a couple of clients fighting over the "correct" key.

[Note that resetting your cross-signing keys requires changing the signature on the device keys, but not the keys themselves.]

Metadata

Metadata

Assignees

No one assigned

    Labels

    A-E2EEA-PerformanceO-OccasionalT-Enhancementgood first issueThis is a fix that might be an easy place for someone to start for their first contribution

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions