
Inviting a user to an E2EE room does not share keys for history with them, causing UISIs everywhere.

Open ara4n opened this issue 2 years ago • 5 comments

Steps to reproduce

  1. In EX, invite a user to an E2EE room.
  2. The user accepts the invite.
  3. They never receive the keys for the shared history, so will not be able to catch up on history.
  4. EX will show these messages as UISIs rather than suppressing them.

Outcome

What did you expect?

If you invite a user to a room, you should share with them the keys they need to decrypt the messages they have permission to. (RHUL might have undermined this, given it lets malicious servers fake invites to steal keys, in which case we might instead need to wait until we have client-controlled group membership).

What happened instead?

UISIs everywhere.

Your phone model

No response

Operating system version

No response

Application version

343

Homeserver

No response

Will you send logs?

No

ara4n Aug 15 '23 19:08

I don't think this is true anymore. The complement-crypto tests at least pass for invited users.

kegsay Nov 16 '23 12:11

I think K is right, closing

stefanceriu Jun 25 '24 09:06

Sorry, it looks like the bug wasn't clear enough - this bug is definitely still open. When you invite a user into a room, EX does not share the historical keys with the user.

This is:

  • https://github.com/matrix-org/matrix-rust-sdk/issues/580 at the rust level
  • https://github.com/matrix-org/matrix-rust-sdk/pull/2650 as an implementation at rust

...but is snarled in RHUL fallout still. But from a product perspective, it's a real black eye.

ara4n Jun 25 '24 11:06

Ah, it would help if you didn't mention invites then. This is a general "we don't share historical keys" bug, invites are not a pre-req.

kegsay Jun 25 '24 11:06

But this is specifically about invites! The missing behaviour is that when Alice invites Bob to a room with shared hist viz, she should (in theory) use MSC3061 to send a tonne of keyshares for the history in that room so that Bob can actually read history.

In other words, it's the EX implementation of:

  • https://github.com/matrix-org/matrix-js-sdk/pull/1640
  • https://github.com/element-hq/element-ios/issues/4947
  • https://github.com/element-hq/element-android/issues/4153

Now, I think these got backed out post-RHUL, which is why this is now all in limbo, but from a product perspective I'm trying to point out that it's an awful experience and we've regressed here without a clear path forwards.

ara4n Jun 25 '24 12:06

Just ran into this when inviting a user (he is using EX) to an E2EE room with 8 others. He got the message to get the keys for the previous messages, but nothing happens. New messages decrypt just fine on his phone. He is using only EX on his account and this is the only session he has.

Would it help if he logged into his account on ED or EW? Would the keys then eventually sync up so his EX shows the messages?

moritzdietz Dec 27 '24 13:12