Messages sent from verified session marked as un-verified

matrix-org / dendrite

Dendrite is a second-generation Matrix homeserver written in Go!

https://matrix-org.github.io/dendrite/

Apache License 2.0

5.52k stars 656 forks source link

Messages sent from verified session marked as un-verified #1990

Open alistair23 opened 2 years ago

alistair23 commented 2 years ago

Background information

Dendrite version or git SHA: 037ff4fb2364cbee7a3a9a856cd2a711f5398682
Monolith or Polylith?: Monolith
SQLite3 or Postgres?: Postgres
Running in Docker?: No
go version: 1.15.6

Description

I setup cross signing in Element and I can chat to others via encrypted rooms with everything working correctly.

I then sign in on the lastest build of Nheko. I then manually verify the Nheko device in Element so that it is treated as verified.

When I send a message from Nheko it still flags to other users as sent from an unverified session.

Looking at the device_id in the message I see it was sent from my verified Nheko instance.

I don't see anything interesting in the log to indicate an error

Steps to reproduce

Verify a Nheko instance
Send an encrypted message.

kegsay commented 2 years ago

Cross-signing is not fully implemente over federation as per:

  Cross-signing Keys       :  75% (6/8 tests)
    ✓ Can upload self-signing keys
    ✓ Fails to upload self-signing keys with no auth
    ✓ Fails to upload self-signing key without master key
    ✓ Changing master key notifies local users
    ✓ Changing user-signing key notifies local users
    ✓ can fetch self-signing keys over federation
    × uploading self-signing key notifies over federation
    × uploading signed devices gets propagated over federation

Was the person you were trying to talk to on a different server?

alistair23 commented 2 years ago

Yes, they were on a different server

kegsay commented 1 month ago

This has been 100% for some time now:

Cross-signing Keys       : 100% (8/8 tests)
      ✅ Can upload self-signing keys
      ✅ Fails to upload self-signing keys with no auth
      ✅ Fails to upload self-signing key without master key
      ✅ Changing master key notifies local users
      ✅ Changing user-signing key notifies local users
      ✅ can fetch self-signing keys over federation
      ✅ uploading self-signing key notifies over federation
      ✅ uploading signed devices gets propagated over federation

kegsay commented 1 month ago

I'm assuming that the Element instance was Element-Web. If so, you may have hit https://github.com/element-hq/element-web/issues/21919