matrix-org / matrix-spec

The Matrix protocol specification

A new owner of a domain can get access to an old owner's messages #234

Open ara4n opened 7 years ago

ara4n commented 7 years ago

[edited by @richvdh to remove inaccurate/outdated text]

Currently, if your HS's signing keys change (due to deleting them, or pointing your DNS at a different HS - e.g. after a domain name is recycled or something more nefarious), there appears to be a 24h grace period after which perspectives servers start trusting the new key.

Per the security considerations in the S2S spec:

> When a domain's ownership changes, the new controller of the domain can masquerade as the previous owner, receiving messages (similarly to email) and request past messages from other servers.

We need to find a proper solution to let folks legitimately recycle domain names or change signing keys, without risk of hijacking the existing accounts of users.

@VShell just voiced a proposal in #matrix-dev:

> richvdh: the solution is to place a key in the m.room.member state event which can't be changed without either signing it with the old key dropping all permissions in a room, and encrypting transactions regarding that room to that user's server with that key.

Alternatively, presumably this could also be handled with much smarter semantics in perspectives for pinning signing keys, revoking them, and generally having a more sophisticated trust model.

richvdh commented 5 years ago

> there appears to be a 24h grace period after which perspectives servers start trusting the new key.

I'm not really sure where the 24h idea comes from. AFAIK you can basically start using a new key immediately.

richvdh commented 5 years ago

I think our current best shot at fixing this is going to be MSC1228.

jcgruenhage commented 5 years ago

MSC1228 stops referring to a lot of things by human-readable names as their main identifier; will that happen for homeservers too? Currently a homeserver's main identifier is their server_name, but they also have a signing key which could be used as the main identifier, which would solve this.