Open richvdh opened 10 months ago
Duplicate of #2153
Actually I think this is clearer than #2153, so closing the other.
https://github.com/matrix-org/matrix-spec-proposals/pull/4081 proposes a way to fix this.
To port some of the possible solution thoughts from #2153:
We'll need to:
@pmaier1 To check priority given it's happening in not common use cases
We concluded that this has low priority as we consider the impact as "low" (only subject to very specific cases) and the effort to fix as "high".
Even if Alice subsequently sends another message using the same session, and tries again to share the session key with Bob, it is likely that she will share the megolm ratchet starting at that second message rather than the first one.
Bob will never be able to decrypt the message.
Tasks, with T-shirt sizes
Spec side:
Server side:
/keys/upload
impl ande2e_fallback_keys_json
table to record "eager_share" flag (S). Remember to add tosynapse_port_db
.m.device_list_update
when fallback keys are updated (S)m.device_list_update
EDU (L)m.device_list_update
EDU, stash them ine2e_fallback_keys_json
(or do we need a separate table?) (L)/keys/claim
implementation not to setused
flag oneager_share
keys, in both sqlite and postgres impls (S)/keys/claim
implementation to fall back to the local store when the remote server is inoperative.matrix-sdk-crypto:
device_unused_fallback_key_types
in/sync
, and instead rotate keys when the current one is old, or has been used (M).eager_share_fallback_keys
flag in/keys/upload
request (S)Testing: