element-hq / element-meta

Shared/meta documentation and project artefacts for Element clients

The UX when "Never send encrypted messages to unverified sessions from this session" is enabled is bad and can cause unexpected UTDs #2450

Open kegsay opened 1 week ago

kegsay commented 1 week ago

Element-Web, Android and iOS all have the ability to enable a security flag which says something like:

Never send encrypted messages to unverified sessions from this session

This can cause UTDs if the recipient has not been verified yet. We should really be displaying warning banners if there are unverified devices in the room when you are typing a message, to warn the sender that this message will be undecryptable for some devices/users.

This appears at the protocol level as a "withheld" to-device message - https://spec.matrix.org/latest/client-server-api/#reporting-that-decryption-keys-are-withheld with the code of m.unverified.

BillCarsonFr commented 5 days ago

This is actually an expected UTD, we should probably report it as such. Check that we properly display the withheld code to the user; if not, it's a bug.

richvdh commented 5 days ago

Can confirm this doesn't work correctly in Web: https://github.com/element-hq/element-web/issues/27653
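
The withheld notice discussed in this thread can be matched to an undecryptable event so the UTD is reported as expected and the code is shown. The following is an added example, not part of the thread and not Element's code; the function names, the user-facing wording and the sample events are assumptions, while the event type, content fields and codes are those of the linked spec section.

```javascript
// Added example, not Element's code. Field names follow the Matrix spec for
// m.room_key.withheld; user-facing wording and all sample values are constructed.
const WITHHELD_TEXT = new Map([
  ["m.blacklisted", "The sender has blocked this device."],
  ["m.unverified", "The sender only shares keys with devices it has verified."],
  ["m.unauthorised", "This device is not authorised to read the message."],
  ["m.unavailable", "The sender no longer has the key."],
  ["m.no_olm", "The sender could not set up a secure channel to this device."],
]);

// Index withheld to-device events by room and Megolm session.
function indexWithheld(toDeviceEvents) {
  const index = new Map();
  for (const ev of toDeviceEvents) {
    if (ev.type !== "m.room_key.withheld") continue;
    const c = ev.content || {};
    // m.no_olm notices may omit room_id/session_id, so they cannot be tied to one session.
    if (typeof c.room_id !== "string" || typeof c.session_id !== "string") continue;
    index.set(`${c.room_id}|${c.session_id}`, { code: c.code, reason: c.reason });
  }
  return index;
}

// Decide how to report an event that failed to decrypt. Assumes the client has
// attached room_id to the event object.
function classifyUtd(roomEvent, withheldIndex) {
  const hit = withheldIndex.get(`${roomEvent.room_id}|${roomEvent.content.session_id}`);
  if (!hit) return { expected: false, code: null, text: "Unable to decrypt: key not received." };
  // Map lookup (not a plain object) because code is sender-controlled input.
  const text = WITHHELD_TEXT.get(hit.code) || hit.reason || "The sender withheld the key.";
  return { expected: true, code: hit.code, text };
}

// Constructed sample: a withheld notice for SESSION_A and two encrypted events.
const SAMPLE_TO_DEVICE = [{
  type: "m.room_key.withheld",
  content: { algorithm: "m.megolm.v1.aes-sha2", room_id: "!room:example.org",
             session_id: "SESSION_A", sender_key: "SENDERKEY", code: "m.unverified" },
}, {
  type: "m.room_key.withheld",
  content: { algorithm: "m.megolm.v1.aes-sha2", sender_key: "SENDERKEY", code: "m.no_olm" },
}];
const encrypted = (sessionId) => ({ type: "m.room.encrypted", room_id: "!room:example.org",
  content: { algorithm: "m.megolm.v1.aes-sha2", session_id: sessionId } });
```
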