Cross-signing over federation is missing out new sessions

[GregSutcliffe]

Background information

• Dendrite version or git SHA: 8683ff78b1bee6b7c35e7befb9903c794a17510c
• Monolith or Polylith?: Monolith
• SQLite3 or Postgres?: Postgres
• Running in Docker?: No
• go version: 1.17.9
• Client used (if applicable): develop.element.io

Description

• What is the problem: Cross-signing with federation was much improved a few weeks ago (thanks!), and I managed to properly cross-verify multiple sessions with a remote partner. However as of this week, we've started seeing my new sessions be unverified even though I have correctly verified them from an existing session
• Who is affected: instance users (there is only me on the server) and remote contacts
• How is this bug manifesting: Looking at Profile -> Sessions and via the "authenticity" shield warning next to messages
• When did this first appear: This week, I want to say after 0.8.2 but possibly present since before that.

Steps to reproduce

• Have several sessions (element-web, android, etc)
• Self-verify all those sessions for yourself
• Start a chat with a new remote contact
• Verify the contact (they should get all the sessions after one verify as expected)
• Start a new client, and verify from an existing session
• Remote contact will see the new session as unverified, and will need to manually verify it from each of their sessions

Expected: Remote contact sees the new session as verified because it was authenticated by the user

[neilalexander]

Where is the remote contact? On a different homeserver? Is it Synapse or Dendrite?

[GregSutcliffe]

Bad choice of words on my part - remote == different homeserver, yes (vs local for same homeserver). My friend is on an EMS-hosted instance, so I presume that's Synapse.

[neilalexander]

Yes, that would be Synapse then — we are aware of an issue where Synapse is incorrectly stripping device signatures which Element Web would otherwise be happy with, it's being tracked in matrix-org/synapse#12548.

[GregSutcliffe]

Would that affect Android too? my friend saw the unverified session on Element Web, Desktop, and Android this morning. Can ask for versions if you need them.

[neilalexander]

It would affect any client on the Synapse side, yes, because the server is failing to validate the signature for some reason and is stripping it out instead of handing it down to the clients.

Since Dendrite doesn't perform the signature validation serverside and just leaves the clients to do the right thing, verification from Dendrite to Dendrite generally works fine.

[GregSutcliffe]

Perfect, thanks for the explanation. I shall go track that issue!

[GregSutcliffe]

This (or possibly something else) is becoming a bigger issue now. My matrix.org contacts are seeing (apparently) random messages be undecryptable - I've seen it myself when chatting between my Dendrite and my matrix.org accounts, and it's happened in at least 5 other rooms, but it doesn't last - at some point I can send decryptable messages again.

Here's a screenshot one of my contacts took of it happening:

I can't see a pattern as to what causes it, but the upshot is that I basically can't trust that messages I send over federation will actually be readable - which makes me sad, I'm trying to migrate away from matrix.org ;)

What I'm unclear on is whether intermittent issues could be due to the Synapse bug, or if that would break encryption entirely. If the behaviour is consistent with the Synapse bug, then I am happy to go ask there; if not should I open a new bug? What logs should I look for to support this?

[GregSutcliffe]

I can now reproduce this on a single Dendrite account, so I think the above has nothing to do with Synapse. I will open a new issue, sorry for the noise.

[GregSutcliffe]

This might be fixed with the recent fixes to the js sdk. It was notable to me that SchildiChat was never affected, it was my one reliable client, and since the sdk fix, element web on both my laptops appears to function correctly - I now have all my sessions verified as seen from my matrix.org user.

Might need some testing to see if it's still reproducible, but at the moment this seems to be working...

[marekvospel]

I seem to still run into this issue, but with slightly different behavior.

Even though I (on dendrite 0.12.0+74dc546) have 3 cross-signed sessions (I can see all of them verified) all using secure backup, when I try to verify with someone (matrix.org, so a synapse homeserver) Only one session gets verified, the cross signed sessions don't.

I did quite a few tests yesterday and got pretty frustrated about it, but https://github.com/matrix-org/synapse/issues/12548 would explain why this is happening, as I also tried to verify my sessions with an alt account on dendrite.matrix.org, which correctly verified my cross signed sessions. (my dendrite 0.12.0+74dc546 X dendrite.matrix.org 0.12.0)