
From an outsider's point of view, what is this "verifying"?

Because it sounds like "we'll put them in a database so we can sell it" to me...



cryptographic process to prove that the devices you use in fact belong to you (as cryptographic identity)


To prove to who?

Where is that data stored?

What happens if I'm on holiday in Paris and drop my phone, which is the only device I have with me, in the Seine?

Sounds like more passkeys security theater/inconvenience to me.


To your contacts; if I understand correctly, the public keys are uploaded to the server

> What happens if I'm on holiday in Paris and drop my phone, which is the only device I have with me, in the Seine?

1) use your recovery key (to recover your identity (proven by private keys) from the server) - I believe it only works if you enabled server-side key storage

Or

2) create a new identity (contacts will be notified)

Or

3) wait until you have access to another device again

Source of truth: https://spec.matrix.org/v1.16/client-server-api/#cross-signi...



