search

element-hq / element-meta

Shared/meta documentation and project artefacts for Element clients
65 stars 11 forks source link

Handle failures when publishing cross-signing identity #2410

Open richvdh opened 2 months ago

richvdh commented 2 months ago

When first logging in on a new account, we try to publish cross-signing keys (via /device_keys/upload).

This process can fail for example, if the homeserver is configured to use SSO auth. (Publishing the public keys requires user-interactive auth, which may fail. https://github.com/matrix-org/matrix-spec-proposals/pull/3967 is an attempt to help with that, but is as yet unstandardised.)

If the process fails (either because the HS rejects it or the user gets bored of trying to do UIA and dismisses the dialog), we show an error:
image

After that point, the application is fully-functional, and will even allow you to set up 4S and store the private cross-signing keys in 4S. The problem is that there is no further attempt to publish the public keys, so the account is now totally broken until the user resets cross-signing.

### Tasks
- [ ] https://github.com/matrix-org/matrix-rust-sdk/issues/1641
- [ ] EAR
- [ ] EIR
- [ ] https://github.com/element-hq/element-web/issues/27253
- [ ] Element X
richvdh commented 2 months ago

We should also finish MSC3967, which will remove many of the causes of this problem in the first place.

andybalaam commented 1 month ago

This is part of "WebR Force Verification" https://github.com/element-hq/crypto-internal/issues/283

richvdh commented 1 month ago

This is part of "WebR Force Verification"

It's not just Web R: all the other clients are affected too.