farribeiro
commented
3 years ago isn't duplicated with issue #4 ?
Closed jtrees closed 2 years ago
farribeiro
commented
3 years ago isn't duplicated with issue #4 ?
kidonsky
commented
3 years ago I think that they are two different uses from the user point of view. A session verification can be made with emojis verification and no more manual action. (see element)
Issue #4 mentions manual import/export.
So in my mind, one complete the other. (as you mentioned in your comment)
farribeiro
commented
3 years ago if a session is revoked, do automatic logout
farribeiro
commented
3 years ago if a session is revoked, do automatic logout
I think that they are two different uses from the user point of view. A session verification can be made with emojis verification and no more manual action. (see element)
Issue #4 mentions manual import/export.
So in my mind, one complete the other. (as you mentioned in your comment)
BTW... if a session verified with success, then import the keys, must be automatic
gpanders
commented
3 years ago Here is the relevant section from the Matrix docs: https://matrix.org/docs/guides/implementing-more-advanced-e-2-ee-features-such-as-cross-signing
ShadowJonathan
commented
3 years ago For the record, this is keeping me from seriously recommending cinny to others, as it's basically standard at this point to implement this for cross-signing and all.
That said, the right technical term for this is "bootstrapping cross-signing", I'm putting it here so it turns up in search results
woojoo666
commented
3 years ago it seems like since Cinny sessions are unable to be verified, all the messages you send will have a "Encrypted by an unverified device" indicator when viewed from Element.
Steps to reproduce:
Anybody know if this is permanent? I guess if I ever close/log out of Cinny, then it will be permanent, but if Cinny gets verification in the future, will I be able to verify my existing session and get rid of these warning icons?
ajbura
commented
3 years ago @woojoo666 importing keys doesn’t verify a session, it just decrypt encrypted messages sent by other sessions. To verify the session go to your profile in element in any room and click on unverified sessions, then click manual verify. You can see Cinny session details in Cinny’s settings (just to be sure when manually confirming). This is a workaround until we have emoji verification.
woojoo666
commented
3 years ago @ajbura I was trying to find a way to manual verify but I couldn't, when I click "verify" in Element desktop, I get the message "To proceed, please accept the verification request on your other login.", but nothing pops up on Cinny. And I don't see a button to manually verify, as was shown in the 2020 github discussion here: (https://github.com/vector-im/element-web/issues/12586)
woojoo666
commented
3 years ago Nevermind it looks like you can only do it by going to one of your rooms, opening the room details, clicking on your username in the list, and clicking on the "Cinny Web" session. See https://github.com/vector-im/element-web/issues/15365#issuecomment-718192924
kfiven
commented
3 years ago @woojoo666 That's what ajbura said in above message ''go to your profile in element in any room''. Looks like everyone look for that option in settings as it used to be there but element removed it now.
Is your feature request related to a problem? Please describe. My user profile gets a red shield on Element when I have an active Cinny session because the session is not verified. That makes me sad.
Also, security isn't as good as it good be without cryptographic verification.
Describe the solution you'd like Emoji verification and (optionally) QR-code verification integrated in the UI.
Describe alternatives you've considered
These are both fine as stop-gap solutions.
Additional context Cinny looks incredible! I've been hoping a client like this would pop up out of nowhere someday. Thanks so much for making it!