device key validation needed #219

@penguin42

The e2e spec says:
'The Matrix protocol provides a basic mechanism for exchange of public keys, though an out-of-band channel is required to exchange fingerprints between users to build a web of trust.'

Unfortunately, though, we don't have any mechanism for monitoring or building a web of trust at the moment; so the whole device key system provides nothing - it could all be subverted by a bad HS that decided to generate its own device keys instead of passing on the keys from a real device.

Some thoughts:
a) A mechanism for HS to be able to provide device-keys to anyone who asked so that a device owner could poke other HSs to see if his device-keys are being correctly propagated.
b) Clients could upload device-IDs/public device keys to a decentralised list so people could monitor for bad keys.
c) A message type to sign a device key with another device key (i.e. 'you trust I own this device, I've just got another')
d) A message type to sign a device key with an external mechanism (e.g. sign a key with a gpg key).
e) A mechanism to allow users to cross-sign each other's device keys when they physically meet (neat idea: NFC handshake somehow?)

Dave
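
Added example, not part of the original issue and not code from any Matrix project: a sketch of the check idea (a) would enable, comparing what several homeservers report for a user's devices against the keys read from the devices themselves. It assumes the response bodies have already been obtained and follow the `device_keys` shape of a Matrix `/keys/query` reply; every user ID, device ID, server name and key string is constructed.

```python
# Added example: all user IDs, device IDs, server names and keys are constructed.
# Assumed response shape: the `device_keys` object of a Matrix /keys/query reply.

def audit_device_keys(user_id, local_keys, responses):
    """Compare the keys each homeserver reports with the owner's own copy.

    local_keys: {device_id: {algorithm: base64_public_key}}, read from the
                owner's devices themselves (the only trusted source here).
    responses:  {homeserver_name: parsed response body}.
    Returns a sorted list of (homeserver, device_id, problem) tuples.
    """
    findings = []
    for hs, body in responses.items():
        reported = body.get("device_keys", {}).get(user_id, {})
        for device_id, expected in local_keys.items():
            entry = reported.get(device_id)
            if entry is None:
                findings.append((hs, device_id, "missing"))
                continue
            keys = entry.get("keys", {})
            for alg, want in expected.items():
                if keys.get(f"{alg}:{device_id}") != want:
                    findings.append((hs, device_id, f"{alg} mismatch"))
        # A device the owner never created is as suspicious as a swapped key.
        for device_id in reported.keys() - local_keys.keys():
            findings.append((hs, device_id, "unknown device"))
    return sorted(findings)

def make_response(user_id, devices):
    """Build a constructed response body from {device_id: {alg: key}}."""
    return {"device_keys": {user_id: {
        dev: {"user_id": user_id, "device_id": dev,
              "keys": {f"{alg}:{dev}": key for alg, key in algs.items()}}
        for dev, algs in devices.items()}}}

USER = "@dave:example.org"
LOCAL = {
    "PHONE": {"ed25519": "ED-PHONE-constructed", "curve25519": "CV-PHONE-constructed"},
    "LAPTOP": {"ed25519": "ED-LAPTOP-constructed", "curve25519": "CV-LAPTOP-constructed"},
}
SWAPPED = dict(LOCAL["PHONE"], ed25519="ED-SUBSTITUTED-constructed")
RESPONSES = {
    "hs-a.example": make_response(USER, LOCAL),  # faithful copy
    "hs-b.example": make_response(USER, {"PHONE": SWAPPED, "LAPTOP": LOCAL["LAPTOP"],
                                         "GHOST": {"ed25519": "ED-GHOST-constructed"}}),
    "hs-c.example": make_response(USER, {"PHONE": LOCAL["PHONE"]}),  # drops LAPTOP
}

if __name__ == "__main__":
    for finding in audit_device_keys(USER, LOCAL, RESPONSES):
        print(*finding)
```

The comparison is only as trustworthy as the path used to fetch each response; answers relayed through the owner's own homeserver are exactly what a bad HS could rewrite.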

Labels: A-Client-Server (Issues affecting the CS API), feature (Suggestion for a significant extension which needs considerable consideration)