This repository has been archived by the owner on Oct 29, 2020. It is now read-only.
As a user, I want e2e to work seamlessly when I restore my device from backup #24
i.e. the current problem that when a device is cloned, olm sessions break.
This is not the right place for this, but I think the answer here is:
Whenever we detect that a device has been cloned, we must immediately stop making device-specific client/server API calls, (probably) prompt the user, then discard the current device keys and olm sessions and create a new device (with the current c/s API this probably means logging in again, akin to a soft logout). Note we can keep the megolm session keys, sync data, etc. We then cross-sign this new device, prompting the user for the passphrase/recovery key or obtaining it from a secure enclave if we have it.
NB. by writing data to a non-backed-up location, the user will always be prompted to set up their new device on a newly restored device. With the nonce method, if they stopped using their old device after backing up, their new device may just 'inherit' the identity of the old device. This is fine, since if they resume using the old device, it will detect that it has been cloned.
NB2. We don't even need to spec the nonce method since it's entirely client-specific by definition (i.e. specific to an individual client's local data storage). We may still want to put it in the spec to save other clients from having to re-solve the same problem.