From 92c0fdf085b336c39aa6c7a030c1fbdff738d3b8 Mon Sep 17 00:00:00 2001
From: "J. Ryan Stinnett"
Date: Fri, 29 Nov 2019 15:57:40 +0000
Subject: [PATCH] Clarify current state of cross-signing private keys
---
 src/MatrixClientPeg.js | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/MatrixClientPeg.js b/src/MatrixClientPeg.js
index 30983c452a..a65ebbb763 100644
--- a/src/MatrixClientPeg.js
+++ b/src/MatrixClientPeg.js
@@ -221,8 +221,14 @@ class MatrixClientPeg {
 };
 
 if (SettingsStore.isFeatureEnabled("feature_cross_signing")) {
- // TODO: Cross-signing keys are temporarily in memory only. A
- // separate task in the cross-signing project will build from here.
+ // This stores the cross-signing private keys in memory for the JS SDK. They
+ // are also persisted to Secure Secret Storage in account data by
+ // the JS SDK when created.
+ // XXX: On desktop platforms, we plan to store only the SSSS default
+ // key in a secure enclave, while the cross-signing private keys
+ // will still be retrieved from SSSS, so it's unclear that we
+ // actually need these cross-signing application callbacks for Riot.
+ // Should the JS SDK default to in-memory storage of these itself?
 const keys = {};
 opts.cryptoCallbacks = {
 getCrossSigningKey: k => keys[k],
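Review bot: The new comment above `const keys = {}` says the cross-signing private keys are held in memory, but not for how long or what clears them, which is what a reader auditing key handling needs to know. Nothing in the visible lines drops the entries, so they appear to live as long as `opts.cryptoCallbacks` is referenced. I would add a line such as `// The in-memory copy is kept for the lifetime of this client and is not cleared here.` once that is confirmed against the rest of the block. Because `keys` is a plain object, `keys[k]` also resolves inherited property names; `const keys = Object.create(null);` would make an unknown key type return undefined, though this only matters if `k` can be anything other than the SDK's fixed key types. The `if` block and the callbacks object continue past the end of the hunk.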