Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

E2E Device lists can get out of sync with the devices actually present in a room. #2411

Open
2 of 7 tasks
ara4n opened this issue Jul 7, 2018 · 11 comments
Open
2 of 7 tasks
Labels
A-E2EE S-Major Severely degrades major functionality or product features, with no satisfactory workaround T-Defect T-Epic Issue is at Epic level

Comments

@ara4n
Copy link
Member

ara4n commented Jul 7, 2018

Device lists can get out of sync for various reasons:


@richvdh mentioned in #e2e-dev the other day that he'd had some thoughts on how to address these:

<Matthew> richvdh: so, you think we should make devicelists a best effort thing
<Matthew> and if A sends to B and B’s server sees B has added devices (whether B is invited or joined)
<Matthew> then B’s server should tell A, “actually, encrypt for more devices plz”
<Matthew> and you hope that turnaround happens fast enough that A is still there and will then handle whatever verification is needed to do so?
<richvdh> yup
<richvdh> you would probably apply more intelligence, so that A can choose not to send to certain of B's devices
<richvdh> so, alongside the message, A would say "I'm targeting generation # 123 of B's device list", and B's server would compare the generation number rather than the actual target devices

However, this doesn't help solve the issue on element-hq/element-web#2713 (comment) where the messages would only be sent to the invited user after they joined the room (at which point it's too late for the sender to re-encrypt them for missing devices). I wonder if a solution could be to support subscribing to arbitrary user devices using simple pubsub semantics: Alice can subscribe to updates about Bob's device list (using an API which hopefully is resilient to unreliable connectivity between Alice & Bob's HSes). Updates could only be allowed if Alice can 'see' Bob (i.e. if Alice has invited Bob or shares a room with him), although this is a pretty weak security mechanism given anyone can invite anyone (although at least Bob would know that Alice was stalking him).

I've opened this issue to track the idea of rethinking how devicelists work (again) before they get baked into the spec.

@ara4n
Copy link
Member Author

ara4n commented Jul 12, 2018

an alternative could be to just store and relay device lists as a room (as well as other per-user profile info, presence lists, etc).

@kegsay
Copy link

kegsay commented Jul 13, 2020

rethinking how devicelists work (again) before they get baked into the spec.

was this ever addressed before it landed in the spec?

@williamkray
Copy link

i regularly have users that cannot decrypt messages from specific other users in encrypted rooms. the fix is often to use /discardsession or part/rejoin the room. is this related? is this the issue they should be sending their rageshake logs to? i've been struggling for the last year or so to tell them what to do about this and nobody has had any answers, but this seems to align with the behavior i'm seeing. if i can at least point them to an issue to connect their logs to, they might feel more enabled to actually send those logs.

@kittykat kittykat added T-Epic Issue is at Epic level and removed P1 labels Dec 16, 2021
@turt2live
Copy link
Member

Related: element-hq/element-web#3846

@richvdh
Copy link
Member

richvdh commented Oct 19, 2023

rethinking how devicelists work (again) before they get baked into the spec.

was this ever addressed before it landed in the spec?

it was not.

@richvdh
Copy link
Member

richvdh commented Jan 12, 2024

so, alongside the message, A would say "I'm targeting generation # 123 of B's device list", and B's server would compare the generation number rather than the actual target devices

This continues to be the sort of thing I'm thinking about to fix this. I'm not quite sure what the mechanism would be for transmitting that extra metadata alongside the message: in a large room including a device-list generation for each user could be a very large amount of data.

@dkasak
Copy link
Member

dkasak commented Jan 12, 2024

A would say "I'm targeting generation # 123 of B's device list"

I guess I'm failing to follow a bit. What exactly would be the expected effect or outcome of A sending this metadata?

@richvdh
Copy link
Member

richvdh commented Jan 14, 2024

A would say "I'm targeting generation # 123 of B's device list"

I guess I'm failing to follow a bit. What exactly would be the expected effect or outcome of A sending this metadata?

The idea is something along the lines of: If, by the time the message reaches B's server (or maybe even one of B's devices), the device list is now at generation # 124, it would send a notification back to A, who would re-fetch the device list and try again.

@richvdh richvdh transferred this issue from element-hq/element-web Apr 30, 2024
@richvdh
Copy link
Member

richvdh commented Apr 30, 2024

However, this doesn't help solve the issue on element-hq/element-web#2713 (comment) where the messages would only be sent to the invited user after they joined the room (at which point it's too late for the sender to re-encrypt them for missing devices)

I don't understand this. What does it mean "messages would only be sent to the invited user after they joined the room" ?

Anyone any idea?

@richvdh richvdh changed the title Your server's E2E Device lists can get out of sync with the devices actually present in a room. E2E Device lists can get out of sync with the devices actually present in a room. Apr 30, 2024
@kegsay
Copy link

kegsay commented Apr 30, 2024

The issue in the linked comment is talking about the scenario where Alice invites Bob to a room, says something in the room (so we encrypt for Bob's devices) but then a new device for Bob logs in, and Alice doesn't know about the new device so doesn't encrypt for it. This is mitigated by key backups because Bob's original device will be uploading keys to the backup which the new device can read.

In this context, the sentence "messages would only be sent to the invited user after they joined the room" effectively means messages would only be sent to the new device after they joined the room, which I think is what he is trying to say?

@richvdh
Copy link
Member

richvdh commented May 1, 2024

Oh right. Well, we can discuss that further on element-hq/synapse#3504 rather than trying to use this epic issue for it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
A-E2EE S-Major Severely degrades major functionality or product features, with no satisfactory workaround T-Defect T-Epic Issue is at Epic level
Projects
None yet
Development

No branches or pull requests

7 participants