jryans
commented
4 years ago What is in the Settings -> Security -> Cross-signing -> Advanced area for each?
Open turt2live opened 4 years ago
jryans
commented
4 years ago What is in the Settings -> Security -> Cross-signing -> Advanced area for each?
turt2live
commented
4 years ago Bootstrapped:
New:
jryans
commented
4 years ago Hmm, okay. Looks like the new device doesn't have your cross-signing public key info loaded, so it's a bit confused about things. It should have received this from the homeserver via device list updates...
Actually, this seems quite similar to the conditions for https://github.com/matrix-org/synapse/pull/7160. @turt2live, can you retest on a homeserver with that PR included? I don't think it's part of a Synapse release yet... Was this user in any rooms at all? As a workaround on any version of Synapse, you should be able to join at least one encrypted room, and then device list updates should be coming in that would resolve this.
turt2live
commented
4 years ago The user was in about 20 encrypted rooms (with themselves only). I've obliterated that account through testing, but have reproduced it with a new account using the latest develop version of synapse (as of writing). The new user was also in a room.
jryans
commented
4 years ago @turt2live Did you see any toasts to verify / upgrade things on the new device? According to the advanced details, the new session is not cross-signing ready yet, so there really should be a toast... Is this from develop or a custom Riot?
turt2live
commented
4 years ago This is develop, and I did get a toast but dismissed it. Surely it shouldn't tell me everything is fine if I haven't verified my own device?
jryans
commented
4 years ago @turt2live Which part is signalling "everything is fine"? The black shields on the new device?
turt2live
commented
4 years ago The lack of red sirens going off on the new client. A black shield gives a sense of "it's fine but not ideal".
bwindels
commented
4 years ago Ok, so this is basically "Not clear how to proceed after dismissing setup encryption toast". I thought we had a bug for this already but can't find it now.
The black shields sort of make sense considering that we don't know yet whether we trust our own master key, it is also what we do for other users. I wonder if we should mark our own devices as red if we haven't verified our own master key yet. Is that what you are arguing for @turt2live?
turt2live
commented
4 years ago I guess so. I feel there's a bug here somewhere, but am really unsure as to what the answer is. It feels like a black shield is wrong, but I'd probably also file a bug about anything that forced me to verify in that instant (either by making everything red or by using modal dialogs).
Probably fine to de-prioritize this for now.
jryans
commented
4 years ago I can see how this is a bit surprising, but at the moment it sounds like something to review after release.
Bootstrapped device:
New device: