element-hq / element-web

A glossy Matrix collaboration client for the web.
https://element.io
GNU Affero General Public License v3.0

E2EE spectacularly fails to recover after running out of OTKs #17578

Open ara4n opened 3 years ago

ara4n commented 3 years ago

I'm assuming that after being offline for a week, eleweb ran out of OTKs. However, since coming back online, I'm still getting UISIs from everyone - it looks like they've given up trying to reestablish new Olm sessions.

Meanwhile, surely we should be providing fallback keys to prevent this failure mode?

jryans commented 3 years ago

I have confirmed that at least for two web users, we do successfully claim fallback keys when OTKs run out, and the target user is able to read those messages (without trying a room key request), so the core functionality of fallback keys is working here.

This may require deeper analysis by the crypto team down the road.

ara4n commented 3 years ago

Any idea whether Element Mobile handles sending to an OTK-exhausted Element Web well? As this might explain my symptoms.

ara4n commented 3 years ago

@lampholder and @Philip-Roy confirm seeing this recently too - I've asked Tom to rageshake given his is in progress right now.