“Never send encrypted messages to unverified sessions from this session” setting fails initial cross-signing #13656

Closed
Tracked by #532
florianjacob opened this issue May 13, 2020 · 0 comments · Fixed by matrix-org/matrix-js-sdk#2734
Labels
A-E2EE A-E2EE-Cross-Signing O-Uncommon Most users are unlikely to come across this or unexpected workflow S-Major Severely degrades major functionality or product features, with no satisfactory workaround T-Defect Z-UISI Unable to decrypt errors

Comments

@florianjacob

Description

Cross-Signing needs manual intervention from the receiver of a request if they have enabled the riot-web setting “Never send encrypted messages to unverified sessions from this session” and have not yet verified any device manually.

For me, this looks mainly like a side-effect of #11808, i.e. the setting should be adjusted for cross-signing.

Steps to reproduce

  • Hit “Start Verification” on Riot-Web with someone who:
    • you share an unencrypted room with
    • but no DM room
    • who has not verified any of your individual sessions previous to cross-signing
    • who has enabled the “Never send encrypted messages from this session to unverified sessions” setting
  • This will create a new DM room for the cross-signing verification
    • which is E2E encrypted by default
    • which has the “Never send encrypted messages to unverified sessions in this room” on by default, due to the global riot-web setting
  • This results in an **Unable to decrypt: The sender has disabled encrypting to unverified devices.** in the DM for the reply to my cross-signing verification request
  • Workaround: Turn off the room setting, or manually verify one device and resend the request

Version information

  • Platform: web
  • Browser: qutebrowser / Firefox
  • OS: Linux
  • version: riot-web 1.6.0
@jryans jryans added defect P1 S-Major Severely degrades major functionality or product features, with no satisfactory workaround labels Oct 27, 2020
@jryans jryans removed the defect label Mar 4, 2021
@MadLittleMods MadLittleMods added O-Occasional Affects or can be seen by some users regularly or most users rarely O-Uncommon Most users are unlikely to come across this or unexpected workflow A-E2EE Z-UISI Unable to decrypt errors and removed P1 O-Occasional Affects or can be seen by some users regularly or most users rarely labels Apr 27, 2022