Open GregSutcliffe opened 2 years ago
Where is the remote contact? On a different homeserver? Is it Synapse or Dendrite?
Bad choice of words on my part - remote == different homeserver, yes (vs local for same homeserver). My friend is on an EMS-hosted instance, so I presume that's Synapse.
Yes, that would be Synapse then — we are aware of an issue where Synapse is incorrectly stripping device signatures which Element Web would otherwise be happy with, it's being tracked in matrix-org/synapse#12548.
Would that affect Android too? my friend saw the unverified session on Element Web, Desktop, and Android this morning. Can ask for versions if you need them.
It would affect any client on the Synapse side, yes, because the server is failing to validate the signature for some reason and is stripping it out instead of handing it down to the clients.
Since Dendrite doesn't perform the signature validation serverside and just leaves the clients to do the right thing, verification from Dendrite to Dendrite generally works fine.
Perfect, thanks for the explanation. I shall go track that issue!
This (or possibly something else) is becoming a bigger issue now. My matrix.org contacts are seeing (apparently) random messages be undecryptable - I've seen it myself when chatting between my Dendrite and my matrix.org accounts, and it's happened in at least 5 other rooms, but it doesn't last - at some point I can send decryptable messages again.
Here's a screenshot one of my contacts took of it happening:
I can't see a pattern as to what causes it, but the upshot is that I basically can't trust that messages I send over federation will actually be readable - which makes me sad, I'm trying to migrate away from matrix.org ;)
What I'm unclear on is whether intermittent issues could be due to the Synapse bug, or if that would break encryption entirely. If the behaviour is consistent with the Synapse bug, then I am happy to go ask there; if not should I open a new bug? What logs should I look for to support this?
I can now reproduce this on a single Dendrite account, so I think the above has nothing to do with Synapse. I will open a new issue, sorry for the noise.
This might be fixed with the recent fixes to the js sdk. It was notable to me that SchildiChat was never affected, it was my one reliable client, and since the sdk fix, element web on both my laptops appears to function correctly - I now have all my sessions verified as seen from my matrix.org user.
Might need some testing to see if it's still reproducible, but at the moment this seems to be working...
I seem to still run into this issue, but with slightly different behavior.
Even though I (on dendrite 0.12.0+74dc546) have 3 cross-signed sessions (I can see all of them verified) all using secure backup, when I try to verify with someone (matrix.org, so a synapse homeserver) Only one session gets verified, the cross signed sessions don't.
I did quite a few tests yesterday and got pretty frustrated about it, but https://github.com/matrix-org/synapse/issues/12548 would explain why this is happening, as I also tried to verify my sessions with an alt account on dendrite.matrix.org, which correctly verified my cross signed sessions. (my dendrite 0.12.0+74dc546 X dendrite.matrix.org 0.12.0)
Background information
go version
: 1.17.9Description
Steps to reproduce
Expected: Remote contact sees the new session as verified because it was authenticated by the user