Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Element X: Return an error when sharing a room key to a verified user, who is no longer verified #3793

Closed
Tracked by #2488
richvdh opened this issue Aug 1, 2024 · 2 comments · Fixed by #3816
Closed
Tracked by #2488

Element X: Return an error when sharing a room key to a verified user, who is no longer verified #3793

richvdh opened this issue Aug 1, 2024 · 2 comments · Fixed by #3816
Assignees
@richvdh

Comments

@richvdh
Copy link
Member

richvdh commented Aug 1, 2024

Part of element-hq/element-meta#2488, and a follow-up to #1129 and #3792.

We need to prevent people who have explicitly verified someone accidentally sending messages. OlmMachine::share_room_key should check whether any of the target users have previously been verified; if so, and those users are no longer verified, share_room_key should return an error code.

We should ensure the error code is propagated up through the ui crate.

This behaviour needs to be optional, so should be configured via EncryptionSettings (could be the same setting as #3792).
This was referenced Aug 1, 2024
Closed
Closed
Closed
Open
@BillCarsonFr BillCarsonFr self-assigned this Aug 5, 2024
@richvdh
Copy link
Member Author

richvdh commented Aug 6, 2024

See element-hq/element-meta#2488 (comment) for designs

@BillCarsonFr BillCarsonFr mentioned this issue Aug 8, 2024
Merged
@richvdh richvdh linked a pull request Aug 12, 2024 that will close this issue
Crypto: return error when sharing keys with a user that was previously verified but is not any more #3816
Merged
@pixlwave
Copy link
Member

For my reference:

For "verification violation" there is a new UserIdentity::withdraw_verification that you can call, then retry sending. (you can also blacklist if you prefer via Device::set_local_trust)
⁦And same the error gaves you all the problematic user_id, so you can just iterate, withdraw_verification then resend

@richvdh richvdh assigned richvdh and unassigned BillCarsonFr Aug 12, 2024
This was referenced Aug 13, 2024
Closed
Closed
This was referenced Aug 13, 2024
Merged
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@richvdh richvdh

Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@richvdh @pixlwave @BillCarsonFr