author Richard van der Hoff <richard@matrix.org> 2016-12-02 10:42:10 +0000
committer Richard van der Hoff <richard@matrix.org> 2016-12-02 12:02:33 +0000
commit 235407a78ea5153aa9730e4fdc1982976009759d (patch)
tree f152b52f4fc7ec2381dcc7fed62e0afcda3621bc /README.rst
parent README: rewrite installation instructions (diff)
README: Rewrite "Identity servers" section
Diffstat (limited to '')
-rw-r--r-- README.rst 37
1 files changed, 22 insertions, 15 deletions
diff --git a/README.rst b/README.rst
index 099ad7f654..bc422d92ab 100644
--- a/README.rst
+++ b/README.rst
@@ -571,21 +571,28 @@ For information on how to install and use PostgreSQL, please see
 Identity Servers
 ================
 
-The job of authenticating 3PIDs and tracking which 3PIDs are associated with a
-given Matrix user is very security-sensitive, as there is obvious risk of spam
-if it is too easy to sign up for Matrix accounts or harvest 3PID data.
-Meanwhile the job of publishing the end-to-end encryption public keys for
-Matrix users is also very security-sensitive for similar reasons.
-
-Therefore the role of managing trusted identity in the Matrix ecosystem is
-farmed out to a cluster of known trusted ecosystem partners, who run 'Matrix
-Identity Servers' such as ``sydent``, whose role is purely to authenticate and
-track 3PID logins and publish end-user public keys.
-
-It's currently early days for identity servers as Matrix is not yet using 3PIDs
-as the primary means of identity and E2E encryption is not complete. As such,
-we are running a single identity server (https://matrix.org) at the current
-time.
+Identity servers have the job of mapping email addresses and other 3rd Party
+IDs (3PIDs) to Matrix user IDs, as well as verifying the ownership of 3PIDs
+before creating that mapping.
+
+This process is very security-sensitive, as there is obvious risk of spam if it
+is too easy to sign up for Matrix accounts or harvest 3PID data. In the longer
+term, we hope to create a decentralised system to manage it (`matrix-doc #712
+<https://github.com/matrix-org/matrix-doc/issues/712>`_), but in the meantime,
+the role of managing trusted identity in the Matrix ecosystem is farmed out to
+a cluster of known trusted ecosystem partners, who run 'Matrix Identity
+Servers' such as `Sydent <https://github.com/matrix-org/sydent>`_, whose role
+is purely to authenticate and track 3PID logins and publish end-user public
+keys.
+
+You can host your own copy of Sydent, but this will prevent you reaching other
+users in the Matrix ecosystem via their email address, and prevent them finding
+you. We therefore recommend that you use one of the centralised identity servers
+at ``https://matrix.org`` or ``https://vector.im`` for now.
+
+To reiterate: the Identity server will only be used if you choose to associate
+an email address with your account, or send an invite to another user via their
+email address.
 
 
 URL Previews
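Review bot: The second added paragraph still ends with "and publish end-user public keys", but this patch deletes the only sentence that explained key publication (the removed text about end-to-end encryption public keys), and the new opening paragraph defines an identity server solely as mapping 3PIDs to Matrix user IDs and verifying their ownership. As written, the section gives two different descriptions of the role. Either drop the key-publishing clause or add a sentence saying what keys are published and why. Two smaller points in the same hunk: the final paragraph opens with "To reiterate:", yet nothing earlier in this section states that the identity server is only used when an email address is associated or an email invite is sent, so the phrase should go or the earlier text it refers to should be named; and the paragraph recommending ``https://matrix.org`` or ``https://vector.im`` would be more useful to an operator if it said plainly that choosing a centralised server means the email-to-user-ID mapping is held by that third party, since the text already calls the process "very security-sensitive".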