continuwuation/continuwuity
continuwuation/continuwuity
15
96
Fork 108
Code Issues 126 Pull requests 24 Releases 30 Packages 3 Activity Actions 9

Query notaries in parallel #1730

New issue
Open
opened 2026-05-03 13:49:51 +00:00 by Crazy_Nicc · 1 comment
Crazy_Nicc commented 2026-05-03 13:49:51 +00:00
Copy link

Right now, each Notary Server is queried in sequence, if the one before it did not have the key. This is good for performance, but bad for security, since the first notary Server can serve you arbitrary keys.

I think it would be better to query all configured trusted servers in parallel and use the response the majority responded with, since that is much more likely to be the right key.

I am aware that these Servers are supposed to be trusted, but in reality you often do not really have "trusted servers", and it would still be good to put less trust on them.

Relevant code (I think): https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/src/service/server_keys/acquire.rs#L195-L223

Right now, each Notary Server is queried in sequence, if the one before it did not have the key. This is good for performance, but bad for security, since the first notary Server can serve you arbitrary keys. I think it would be better to query all configured trusted servers in parallel and use the response the majority responded with, since that is much more likely to be the right key. I am aware that these Servers are supposed to be trusted, but in reality you often do not really have "trusted servers", and it would still be good to put less trust on them. Relevant code (I think): https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/src/service/server_keys/acquire.rs#L195-L223
nex commented 2026-05-03 13:52:31 +00:00
Owner
Copy link

Querying notaries in parallel is a planned enhancement but we can't do that majority thing suggested for security reasons

Querying notaries in parallel is a planned enhancement but we can't do that majority thing suggested for security reasons
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
aranje/illegal-car-mods
renovate/ruma-digest
nex/perf/get-missing-events
renovate/rust-non-major
renovate/rust-1.x
renovate/rust-zerover-patch-updates
ginger/oauth
nex/feat/admin-api
renovate/serde-saphyr-0.x
ginger/kill-sync-tokens
renovate/rand_core-0.x
nex/feat/deprecated-room-versions
release/v0.5.9
nex/feat/enable-debug-log-release-builds
nex/feat/room-purging
nex/feat/room-shutdown
ginger/ruma-upstreaming
jade/tls-backends
ginger/email-fixes
jade/changelog-labels
nex/fix/v12-publishing
jade/build-info
jade/purge-sync-tokens
ginger/terms-and-conditions
ginger/remove-sliding-sync-proxy
nex/fix/pusher-association
ginger/email-support
jade/community-guidelines
nex/fix/federation-format
jade/git-deps-updates
jade/changelog-check
jade/rust-1-92
ginger/password-reset
nex/experiment/push-gateway-logs
ginger/msc3575-obliteration
nex/feat/block-busted-rooms
nex/fix/informative-startup-errs
ginger/no-left-room-initial-sync
jade/docker-entrypoint
jade/dehydrated-devices
ginger/complement-fixes
nex/fix/stale-destination-cache
nex/experiment/sync-mutex
tcpipuk/docker-docs
jade/snafu
jade/rand-update
nex/stateres-refactor
ginger/779-in-troubleshooting
jade/liveit-guide
jade/http3
nex/feat/admin-hide-empty-rooms
ginger/oobe
nex/fix/debian-thingy
jade/ldap-admin-check
nex/fix/remote-restricted-joins
nex/feat/msc4406-sender-ignored
jade/deadlock-detection
jade/get-started
jade/docs-guide
ginger/fix-local-invites
nex/fix/tpi
nex/feat/room-deletion
nex/feat/msc4322-media-redaction
ginger/stitched-order
ginger/deps/update-rspress
jade/admin-announce-improvements
ginger/xtask-improvements
jade/improve-admin-config-display
nex/fix/better-stateres-error-logs
jade/sender-timeouts
nex/feat/custom-v12-room-ids
ginger/update-metadata
nex/feat/admin-force-logout
tom/max-perf-docs
nex/fix/invalid-appservice-reg
nex/feat/antispam
nex/feat/account-locking
jade/logging-cleanup
jade/remove-legacy-appservice-auth
nex/fix/key-query
jade/update-prek
nex/fix/room-summaries
ginger/restrict-admin-commands
ginger/enable-console-by-default
jade/tag-fixes
jade/otlp
nex/meta/pull-req-template
nex/fix/fed-invite-compliance
nex/feat/build-commit
nex/feat/join-logging
jade/mailmap-updates
jade/hack-ci-tmp
jade/v12-stable
jade/relations
ginger/database-refactor
jade/fix-ldap-uiaa
nex/fix/validation
ginger/nuke-invalid-msc4133-fields-in-migration
ginger/downgrade-artifact-actions
oddlid/reload-fix
jade/fix-assert
ginger/sync-v3-cleanup
ginger/remove-absolute-action-urls
jade/website
nex/fix/backoff
ginger/fix-mdbook-for-0.5
ginger/no-docker-on-prs
backport/v0.5.0-rc.8-1
nex/fed-improvements
jade/rust-1.90
jade/mirror-dockerhub
jade/clippy-fixes
jade/fix-support
jade/clean-images
jade/wal-compression-type
jade/flake-clone
ginger/upload-rpms-on-schedule
nex/fix/incoming-fetch
nex/fix/upgrade
tom/ci-fedora-rpm
jade/ci-release-fix
jade/rocksdb-10-5
ginger/fix-msc4133-migration
ginger/migrate-busted-tz
hydra/public
nex/feat/manual-extremities
nex/feat/async-media
nex/feat/fast-joins-hack-do-not-use-DO-NOT-USE
nex/feat/better-logging
trigger-ci-so-latest-isnt-on-illegal-car-mods
nex/feat/pins-backfill
jade/tuwunel-2025-06-old
jade/ai-slop-db-docs
nex/fix-create-auth
jade/version-stats
jade/read-receipts
jade/rust-toolchain-no-targets
jade/logging-features
jade/syncv5-typing
jade/msc2815
morguldir/see-eye
jade/css-small-screen
nex/wip-751
tuwunel-rebase
test
oddlid/rename-admin-room-bot
strawberry/nix-ci-stuff
strawberry/valgrind
phonemain
strawberry/morgs-snake-sync-jason-main
newer-media-endpoints
folly-coroutines-async-io
federation-retry-timer-port
bad-attempt-at-extracting-homeserver-signing-key
room-deletion-attempt-do-not-use
v0.5.9
v0.5.8
v0.5.7
v0.5.7-alpha.2
v0.5.7-alpha.1
v0.5.6
v0.5.6-alpha
v0.5.5
v0.5.4
v0.5.3
v0.5.2
v0.5.1
v0.5.0
v0.5.0-rc.8.1
v0.5.0-rc.8
v0.5.0-rc.7
v0.5.0-rc.6
v0.5.0-rc.5
v0.5.0-rc4
v0.5.0-rc3
v0.5.0-rc2
v0.5.0-rc
v0.4.7-rc
v0.4.6
v0.4.6-rc
v0.4.5-rc
v0.4.5
v0.4.4
v0.4.3
v0.4.2
v0.4.1
v0.3.4
v0.3.3
v0.3.2
v0.3.1
v0.3.0
Labels
Clear labels   
Blocked
This pull request or issue is currently blocked from being merged/closed

  
Bug
Something isn't working as intended

  
Changelog
Added
 Changelog entry added

  
Changelog
Missing
 No changelog when one is needed

  
Changelog
None
 Changelog is unnecesary for this change

  
Cherry-picking
Commits picked from other conduit projects

  
Database
This requires or includes changes to the database

  
Dependencies
Something dependency related

  
Dependencies/Renovate
Automatic dependency upgrades by Renovate

  
Difficulty
Easy
 Low difficulty to implement - touches few parts of the codebase, low complexity

  
Difficulty
Hard
 High difficulty to implement - touches many parts of the codebase, high complexity

  
Difficulty
Medium
 Medium difficulty to implement - touches more parts of the codebase, higher complexity

  
Documentation
Improvements or additions to documentation

  
Enhancement
New feature or request

  
Good first issue
Good for newcomers

  
Help wanted
Additional eyes and keyboards are required for this one

  
Inherited
Issues that have been inhereted from the project pre-fork

  
Matrix/Administration
Features pertaining to homeserver administration

  
Matrix/Appservices
Features pertaining to the appservice API

  
Matrix/Auth
Features pertaining to authentication

  
Matrix/Client
Features pertaining to client-to-server interactions

  
Matrix/Core
Issues relating to core matrix functionality, such as state resolution and PDU formats

  
Matrix/E2EE
Issues related to end to end encryption

  
Matrix/Federation
Features pertaining to server-to-server interactions

  
Matrix/Hydra
Issues related to room version 12 and related changes (temporary label)

  
Matrix/MSC
Features pertaining to unstable matrix features

  
Matrix/Media
Features pertaining to media interactions

  
Matrix/T&S
Changes or issues related to trust & safety tooling

  
Merge
This PR is ready to be merged

  
Merge/Manual
This PR should be manually merged

  
Merge/Squash
This PR should be squashed when it is merged

  
Meta
Related to housekeeping, maintenance, or other repo-meta.

  
Meta/CI
Issues related to CI changes

  
Meta/Packaging
Packaging

  
Priority
Blocking
 This issue is blocking the next release

  
Priority
High
 This issue is very important

  
Priority
Low
 This issue is of a rather low priority

  
Security
This item is related to general security

  
Status
Confirmed
 This issue has enough information and is confirmed

  
Status
Duplicate
 This issue or pull request already exists

  
Status
Invalid
 This issue doesn't seem right

  
Status
Needs Investigation
 This issue needs further investigation

  
Support
Questions or support requests

  
Wont fix
This will not be worked on

  
old/ci/cd
Ci/CD

Archived

  
old/rust
Pull requests that update Rust code

Archived

No labels
Blocked
Bug
Changelog
Added
Changelog
Missing
Changelog
None
Cherry-picking
Database
Dependencies
Dependencies/Renovate
Difficulty
Easy
Difficulty
Hard
Difficulty
Medium
Documentation
Enhancement
Good first issue
Help wanted
Inherited
Matrix/Administration
Matrix/Appservices
Matrix/Auth
Matrix/Client
Matrix/Core
Matrix/E2EE
Matrix/Federation
Matrix/Hydra
Matrix/MSC
Matrix/Media
Matrix/T&S
Merge
Merge/Manual
Merge/Squash
Meta
Meta/CI
Meta/Packaging
Priority
Blocking
Priority
High
Priority
Low
Security
Status
Confirmed
Status
Duplicate
Status
Invalid
Status
Needs Investigation
Support
Wont fix
old/ci/cd
old/rust
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
continuwuation/continuwuity#1730
No description provided.