Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Verify all devices in channel #46

Closed
ghost opened this issue Feb 12, 2019 · 6 comments
Closed

Verify all devices in channel #46

ghost opened this issue Feb 12, 2019 · 6 comments
Labels
enhancement New feature or request good first issue Good for newcomers help wanted Extra attention is needed info-needed Further information is requested

Comments

@ghost
Copy link

ghost commented Feb 12, 2019

I looked through the command code but couldn't figure a way to verify all devices in a room. Is there currently a way to do this?

In encrypted rooms with more than a couple users, this becomes quite some labor - especially when devices has been verified previously and you just need to get a new baseline.
@poljar
Copy link
Owner

poljar commented Feb 12, 2019

There is no option to verify all devices in a room but the verify and unverify command support the wildcard char * to select all users or all devices of a user.

Also they arguments for the commands don't need to be exact, for example the command /olm verify example * will verify every device for users that contain the string example in it's user id.

The command will print out the devices for which the verification state has changed.

@poljar poljar added the info-needed Further information is requested label Feb 12, 2019
@ghost
Copy link
Author

ghost commented Feb 13, 2019

Ok. Thanks. Is this a deliberate design decision aligned with the Riot policy, or is it something that can be assessed for future addition? Or should this be implemented in some sort of other function in Weechat?

The way I've worked this so far is that you build historic trust in the group using a channel. When a new person joins in, the historic devices/users are already verified by the existing users. I believe this will be prevalent when you get encrypted rooms with, say, more than 100 users - where you today would need to run 100 olm verify commands (and no-one would do that thoroughly anyways).

@poljar
Copy link
Owner

poljar commented Feb 13, 2019

It's actually against recommendations since you can verify devices insecurely in bulk. To make device verification easier device cross signing should be implemented in nio.

Cross signing is currently being implemented in riot so it'll probably be a while before that gets added to nio.

Verifying all room users could be added as a feature but since you already can verify an arbitrary subset of users in bulk I don't have any interest adding that myself.

@poljar poljar added enhancement New feature or request help wanted Extra attention is needed good first issue Good for newcomers labels Feb 13, 2019
@ghost
Copy link
Author

ghost commented Feb 13, 2019

That is good enough for me. Thanks.

@r3k2
Copy link

r3k2 commented Mar 24, 2019

thanks @poljar great job on the plugin <3

@poljar
Copy link
Owner

poljar commented Jul 13, 2019

I don't think we should encourage users to verify devices in bulk since ignoring devices in bulk is now supported. Ignoring all devices in a room is as well supported, so closing this now.

@poljar poljar closed this as completed Jul 13, 2019
@BlackLotus BlackLotus mentioned this issue May 11, 2020
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request good first issue Good for newcomers help wanted Extra attention is needed info-needed Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@poljar @r3k2