Peer identity¶
The peer/public keyring of an account consists of their public keys and signatures of those by their respective signing key(s).
This makes the signing public key usable as a root-of-trust for each account and it ensures consistency within the keyring.
Account keyrings are used for peer verification tasks.
Peer trust¶
For improving global protection, each peer’s cryptographic identity can be fingerprinted uniquely by each account which is their explicit trust mark for the peer. These peer identity fingerprints are stored on the server securely encrypted. Additionally all clients use a trust-on-first-use (TOFU) identity store. TOFU is used to provide consistency for the identity of connected peers where no explicit peer trust is available.
These measures provide protection from man-in-the-middle attacks, or if the integrity of a keyring is compromised by a malicious server.