Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Invisible crypto: Handle Identity Verification violation after we reset our own identity #2691

Open
BillCarsonFr opened this issue Jan 13, 2025 · 3 comments
Open

Invisible crypto: Handle Identity Verification violation after we reset our own identity #2691

BillCarsonFr opened this issue Jan 13, 2025 · 3 comments

Comments

@BillCarsonFr
Copy link
Member

BillCarsonFr commented Jan 13, 2025
edited
Loading

This is the symetrical issue of #2492, when there is a verification violation not because the other party changed their identity but rather the current user that reset their own identity.

Scenario:

  1. Alice verifies Bob and Carol.
  2. Alice now resets her identity

Now Bob and Carol are in verification violation, because they used to be verified but are not any more.

Actual Problem

If we just do #2492 the UI will say Bob's verified identity has changed with the option to Withdraw verification or to re-verify.

=> This message is factually false. Bob identity has not changed, it's Alice's identity that changed.

Expected

There are several options.

  1. We could automatically withdraw all verification requirements after the reset.
    • Problem: given that withdraw is local, Alice's other devices will still show the violation.
  2. Detect when the violation is due to own identity change, and display a specific message
    • This case could be detected by noticing that there is a verification violation but not a pin violation.
  3. Does (future) Global Pinning (as opposed to local pinning) (ER-156) help here?
  4. Use a more generic message: XX was verified but is not anymore, then go through the details in the learn more?
@BillCarsonFr BillCarsonFr mentioned this issue Jan 13, 2025
Open
@richvdh richvdh changed the title Invisible crypto: Handle Identity Verification violation after a own Identity reset. Invisible crypto: Handle Identity Verification violation after we reset our own identity Jan 13, 2025
@richvdh
Copy link
Member

richvdh commented Jan 13, 2025

Also related to post-reset behaviour: #2610

@mxandreas
Copy link

mxandreas commented Jan 14, 2025
edited
Loading

with the option to Withdraw verification or to re-verify.

@BillCarsonFr Just in case to point out that the problem is not only with the wording in the banner that shows up on top of the composer, but everywhere where we using the wording 'X's verified identity has changed'. There are other cases on UI where we show it.

@BillCarsonFr
Copy link
Member Author

BillCarsonFr commented Jan 16, 2025
edited
Loading

with the option to Withdraw verification or to re-verify.

@BillCarsonFr Just in case to point out that the problem is not only with the wording in the banner that shows up on top of the composer, but everywhere where we using the wording 'X's verified identity has changed'. There are other cases on UI where we show it.

Right, it applies to the send error copy and stopgap UI.
#2500

Image

and

Image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@richvdh @BillCarsonFr @mxandreas