OMEMO: Encrypted message notification #1901
This situation happens when a new device is added to a set of devices and has not yet accomplished the key info exchanges, or on a MUC.
This is bad because if this situation happens the user is not notified that OMEMO is failing.
For instance, I wasted a lot of time believing that Carbon copy was not working when instead it was an OMEMO issue. Sending a clear message would solve the issue and we would suddenly understand that the XMPP layer was OK.
OMEMO or Axolotl (can't remember) asks to silently drop this kind of message but this is a protocol requirement, not a GUI one.
Maybe I understand this wrong,
but either your device id is in the message, which means the message got encrypted for that device, so the key exchange happened,
or you receive a message without your device id. This can have multiple reasons; for example, someone doesn't trust that device.
Yes, I think it could add better clarity.
It is not a frequent situation to receive encrypted messages and not be able to decipher them. Correct me if I am wrong, but in all cases it should be a temporary situation caused by misconfiguration or pending questions (of trust, for instance).
If one of my devices was not trusted by a peer, I would be glad to know it instead of having only a part of the conversation. Then we could fix the issue together.
referenced this issue
Jun 9, 2016
Just came across another use case for such notifications:
A friend of mine (generally tech-savvy but unaware of OMEMO's internal operation) and other friends usually communicate through a few MUCs. Because my friend's phone broke, he sent it in for repair and is now using a replacement mobile. He re-used his account details on the replacement, but of course, his original mobile's OMEMO keys aren't on it, so this replacement mobile now (silently) drops all encrypted messages me and my friends are sending to him in the MUCs and 1:1 chats as well. It took a while for me to figure out what was going on.
I think a clear notification (maybe one per chat room) that he got an encrypted message which couldn't be decrypted because no key was on the mobile for any of the message's device keys would've been very helpful in learning about the problem.
In any case more helpful than us all frantically trying to get him to respond to our - encrypted - messages he didn't even see.
@licaon-kter Yes, these first messages from his new phone were unencrypted... and I got them. Unfortunately he didn't get mine, I guess because mine were still using his old phone's public keys.
The issue is that I, as an end user, have to know (because he told me that he has a new phone now) that I need to switch to un-encrypted to tell him to activate OMEMO again. And other parties unaware of the phone change (why would he tell everyone about it? He still uses his same old JID) are probably wondering why he doesn't respond to any of their encrypted messages. And he just sits there wondering why he doesn't get any messages from them.
I am sure somewhere there is a smart manual on how to switch phones with Conversations in order to move the existing OMEMO keys safely from an old to a new mobile, but in real life only a tiny fraction of users will be in a position to actually do it correctly when the need arises... unless it's done by the service personnel that issues the "replacement phone".
I'd like to support the request stated above: Conversations should display that it wasn't able to decrypt a message sent by user XY.
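Added example, not part of the thread and not Conversations' own code: a sketch of the check discussed above, which tells apart a message that carries a key for this device from one that does not and produces a user-visible notice in the second case. It assumes the legacy OMEMO wire format (namespace `eu.siacs.conversations.axolotl`); the function name `classify_omemo` is hypothetical and the sample stanza is constructed.

```python
import xml.etree.ElementTree as ET

# Namespace of the legacy OMEMO wire format (assumed here, XEP-0384 0.x).
NS = "{eu.siacs.conversations.axolotl}"

def classify_omemo(stanza_xml, own_device_id):
    """Classify an incoming <message/>; return (status, notice_or_None)."""
    try:
        msg = ET.fromstring(stanza_xml)
    except ET.ParseError:
        return "malformed", None
    enc = msg.find(NS + "encrypted")
    if enc is None:
        return "plain", None
    header = enc.find(NS + "header")
    if header is None or not header.get("sid", "").isdigit():
        return "malformed", None
    # Each <key rid=...> names one recipient device the sender encrypted for.
    rids = {k.get("rid") for k in header.findall(NS + "key")}
    if str(own_device_id) in rids:
        return "addressed_to_us", None  # hand over to the decryption path
    if enc.find(NS + "payload") is None:
        # Key-transport message without content: nothing the user missed.
        return "not_for_this_device", None
    sender = msg.get("from", "unknown sender")
    notice = (f"{sender} sent an OMEMO-encrypted message that was not "
              f"encrypted for this device (id {own_device_id}).")
    return "not_for_this_device", notice

# Constructed sample stanza; JIDs, device ids and base64 values are made up.
SAMPLE = """
<message from='romeo@montague.lit/phone' to='juliet@capulet.lit' type='chat'>
  <encrypted xmlns='eu.siacs.conversations.axolotl'>
    <header sid='27183'>
      <key rid='31415'>a2V5LTE=</key>
      <key rid='12321'>a2V5LTI=</key>
      <iv>aXY=</iv>
    </header>
    <payload>cGF5bG9hZA==</payload>
  </encrypted>
</message>
""".strip()

if __name__ == "__main__":
    for device in (31415, 99999):
        print(device, classify_omemo(SAMPLE, device))
```

A key addressed to this device only means decryption can be attempted; a broken session can still make it fail, which would need its own notice.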