Hacker News new | past | comments | ask | show | jobs | submit login

Could you please point me in the direction of someplace where this problem is better explained? I'm struggling to understand, how the certificate choice of the peer X should be a problem, given you send them only the information directly related to the peer X, so it seems like you shouldn't care if the traffic between you 2 is encrypted using X's key or MitM's key, because it's only their part of the network that potentially gets compromised. If so, it should be the choice of every given node, if they trust that part of the network they are connecting to, and, conclusively, if they want to accept a certificate they see for the first time, no matter if it's signed by any common CA or not.

https://github.com/matrix-org/synapse/blob/master/docs/MSC17... is the best explanation. You can’t just make it a per-node decision otherwise everything would splitbrain.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact