Open ara4n opened 4 years ago
You current session does not trust the MSK. Currently in this case the verify will launch a legacy start SAS
We probably have an issue here. The manage session will display local trust:
It should propably not do that.. The current device should be red shield and the others blacks shields? And when you try to verify another session it should ask you first to complete security?
@nadonomy what do you think
Maybe we should show that: And for you to complete security on this session when you try to verify other sessions?
The state of user profile is also probably a bit off
@nadonomy what do you think
Yeah I think this makes sense. So effectively if a user is using cross-signing, they sign into a new device and then skip verifying it on login and go to settings, we echo locally how other users see their pool of devices?
So this device would be untrusted (red) and once cross-signed would turn green, and the other devices would update from black to represent either their trusted (green) or untrusted (red) state?
@BillCarsonFr & I had a call on this to discuss in more detail, and we think it makes sense to:
In Settings
When viewing your own profile
if i try to verify Riot/Web from Riot/X's session management in settings, it only lets me try to verify it by emoji.