From bd223e67806ba1b3a2d9ed1006c390c49ef3942b Mon Sep 17 00:00:00 2001 From: dklimpel <5740567+dklimpel@users.noreply.github.com> Date: Fri, 30 Sep 2022 20:54:13 +0200 Subject: [PATCH 1/3] Add docs for an empty `trusted_key_servers` config option --- changelog.d/13999.doc | 1 + docs/usage/configuration/config_documentation.md | 6 ++++++ 2 files changed, 7 insertions(+) create mode 100644 changelog.d/13999.doc diff --git a/changelog.d/13999.doc b/changelog.d/13999.doc new file mode 100644 index 000000000000..2d63a0319575 --- /dev/null +++ b/changelog.d/13999.doc @@ -0,0 +1 @@ +Add documentation for using an empty `trusted_key_servers` config option. \ No newline at end of file diff --git a/docs/usage/configuration/config_documentation.md b/docs/usage/configuration/config_documentation.md index f46b4932fd23..554609e90175 100644 --- a/docs/usage/configuration/config_documentation.md +++ b/docs/usage/configuration/config_documentation.md @@ -2655,6 +2655,12 @@ is still supported for backwards-compatibility, but it is deprecated. warning on start-up. To suppress this warning, set `suppress_key_server_warning` to true. +If the use of a trusted key server has to be deactivated, e.g. in a private +federation or for privacy reasons, this can be realised by setting +an empty array (`trusted_key_servers: []`). Then Synapse will request the keys +directly from the communication partner. If Synapse does not get keys directly +from the communication partner, the events of the other server will be rejected. + Options for each entry in the list include: * `server_name`: the name of the server. Required. * `verify_keys`: an optional map from key id to base64-encoded public key. From 97a6171b2c49eb995b31f12ca3446f0f7e9223fb Mon Sep 17 00:00:00 2001 
From: Dirk Klimpel <5740567+dklimpel@users.noreply.github.com> Date: Thu, 6 Oct 2022 12:57:58 +0200 Subject: [PATCH 2/3] small rewording --- docs/usage/configuration/config_documentation.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/usage/configuration/config_documentation.md b/docs/usage/configuration/config_documentation.md index 554609e90175..1504f04c71a3 100644 --- a/docs/usage/configuration/config_documentation.md +++ b/docs/usage/configuration/config_documentation.md @@ -2658,8 +2658,8 @@ warning on start-up. To suppress this warning, set If the use of a trusted key server has to be deactivated, e.g. in a private federation or for privacy reasons, this can be realised by setting an empty array (`trusted_key_servers: []`). Then Synapse will request the keys -directly from the communication partner. If Synapse does not get keys directly -from the communication partner, the events of the other server will be rejected. +directly from the server that owns the keys. If Synapse does not get keys directly +from the server, the events of this server will be rejected. Options for each entry in the list include: * `server_name`: the name of the server. Required. From b5efb5b24d2b5062cb447623c80751572213a090 Mon Sep 17 00:00:00 2001 From: David Robertson Date: Fri, 28 Oct 2022 13:54:29 +0100 Subject: [PATCH 3/3] Tweak changelog --- changelog.d/13999.doc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/changelog.d/13999.doc b/changelog.d/13999.doc index 2d63a0319575..26538049e453 100644 --- a/changelog.d/13999.doc +++ b/changelog.d/13999.doc @@ -1 +1 @@ -Add documentation for using an empty `trusted_key_servers` config option. \ No newline at end of file +Explain how to disable the use of `trusted_key_servers`. \ No newline at end of file
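Review bot: In the paragraph added to `docs/usage/configuration/config_documentation.md` by PATCH 1/3, "setting an empty array" does not match the wording the surrounding documentation uses for this option: the context line directly below reads "Options for each entry in the list include:". Suggest "setting an empty list (`trusted_key_servers: []`)". The paragraph also lands directly after the `suppress_key_server_warning` sentence without saying whether that start-up warning is still relevant when the list is empty; one clause stating this would save the reader from having to test it.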
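Review bot: In the reworded lines of PATCH 2/3, "the events of this server will be rejected" is ambiguous: "this server" can be read as the local Synapse instance rather than the remote server whose keys could not be fetched. Suggest "events from that server will be rejected", and repeating the full phrase from the previous sentence ("the server that owns the keys") instead of the bare "the server", so both sentences clearly refer to the same remote homeserver.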
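Review bot: In PATCH 3/3, the replacement line in `changelog.d/13999.doc` still carries the "\ No newline at end of file" marker, as the original did in PATCH 1/3. Suggest ending the file with a trailing newline while this line is being touched anyway. The new wording, "Explain how to disable the use of `trusted_key_servers`.", describes the documentation change more directly than the original entry did.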