Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

UserIdentity | Pitfalls with pin() on User, that is triggering a full IdentityChanges and can overwrite changes #4088

Open
BillCarsonFr opened this issue Oct 8, 2024 · 0 comments
Open

UserIdentity | Pitfalls with pin() on User, that is triggering a full IdentityChanges and can overwrite changes #4088

BillCarsonFr opened this issue Oct 8, 2024 · 0 comments
Labels
encryption

Comments

@BillCarsonFr
Copy link
Member

Scenario: A caller keeps a UserIdentity (I) in memory for some time; meanwhile a keys_query response updates the identity to (I') with new cross-signing keys.

A call to pin on the old identity will trigger an IdentityChange that would wrongly revert the cross-signing keys from I' to I.

=> If we expose the PIN API we need to make it resistant to that.

Consequences: a new identity update will be lost, meaning we will block sending and decrypting messages to/from a user with the new identity (and potentially send/receive to/from an outdated identity).
Notice that the next keys_query update will fix the problem (if any).

Workaround: don't hold on to the UserIdentity object in memory as much as possible - only get it and immediately call pin(). (This is the expected behaviour of EX.)

See related/similar issue with #4073
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
encryption
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@BillCarsonFr