Conversations: OMEMO: Encrypted message notification

Created on 8 Jun 2016 · 9 Comments · Source: iNPUTmice/Conversations

Issue:
When a message is OMEMO encrypted but is not addressed to an XMPP listening resource with the Conversations client, the user is not notified of an encrypted message exchanged.

This situation happens when a new device is added to a set of devices and has not yet accomplished the key info exchanges, or on a MUC.

This is bad because if this situation happens the user is not notified that OMEMO is failing.

For instance, I wasted a lot of time believing that Carbon copy was not working when instead it was an OMEMO issue. Sending a clear message would solve the issue and we would suddenly understand that the XMPP layer was OK.

OMEMO or Axolotl (can't remember) asks to silently drop this kind of message but this is a protocol requirement, not a GUI one.

Short:
Add a red text "OMEMO enciphered message" in the message conversation instead of nothing.

All 9 comments

Maybe I understand this wrong,

but either your device id is in the message, which means the message got encrypted for that device, so the key exchange happened,

or you receive a message without your device id. This can have multiple reasons; for example, someone doesn't trust that device.
You want to get informed about every message that doesn't have your device id in it?

Yes, I think it could add better clarity.

It is not a frequent situation to receive encrypted messages and not be able to decipher them. Correct me if I am wrong, but in all cases it should be a temporary situation caused by misconfiguration or pending questions (of trust, for instance).

If one of my devices was not trusted by a peer, I would be glad to know it instead of having a part of the conversation. Then we could fix the issue together.

Just came across another use case for such notifications:

A friend of mine (generally tech-savvy but unaware of OMEMO's internal operation) and other friends usually communicate through a few MUCs. Because my friend's phone broke, he sent it in for repair and is now using a replacement mobile. He re-used his account details on the replacement, but of course, his original mobile's OMEMO keys aren't on it, so this replacement mobile now (silently) drops all encrypted messages me and my friends are sending to him in the MUCs and 1:1 chats as well. It took a while for me to figure out what was going on.

I think a clear notification (maybe one per chat room) that he got an encrypted message which couldn't be decrypted because no key was on the mobile for any of the message's device keys would've been very helpful in learning about the problem.

In any case more helpful than us all frantically trying to get him to respond to our - encrypted - messages he didn't even see.

@FriendFX Did you get his messages when he notified you about the "device change"... you know the usual "Hey, I got another phone blahblah" ?

@licaon-kter Yes, these first messages from his new phone were unencrypted... and I got them. Unfortunately he didn't get mine, I guess because mine were still using his old phone's public keys.

The issue is that I, as an end user, have to know (because he told me that he has a new phone now) that I need to switch to un-encrypted to tell him to activate OMEMO again. And other parties unaware of the phone change (why would he tell everyone about it? He still uses his same old JID) are probably wondering why he doesn't respond to any of their encrypted messages. And he just sits there wondering why he doesn't get any messages from them.

I am sure somewhere there is a smart manual on how to switch phones with Conversations in order to move the existing OMEMO keys safely from an old to a new mobile, but in real life only a tiny fraction of users will be in a position to actually do it correctly when the need arises... unless it's done by the service personnel that issues the "replacement phone".

This problem is quite frequent if users reset their phones or use custom roms. In my opinion Conversations should at least display a warning that a message was received but cannot be shown.

I'd like to support the request stated above: Conversations should display that it wasn't able to decrypt a message sent by user XY.
Related are the facts that ChatSecure revokes trust in a key in certain cases (https://github.com/ChatSecure/ChatSecure-iOS/issues/814) and that Prosody starts with an empty list of keys (https://github.com/ChatSecure/ChatSecure-iOS/issues/814#issuecomment-377683816).

I also support the request.
It must be clarified.

Conversations now displays messages when an OMEMO message cannot be decrypted (needs mam:2 support on the server) and when an OMEMO message wasn't encrypted for this device.
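
The check this thread revolves around (is this device's id among the recipient keys of an incoming OMEMO message?), as an added example that is not part of the original issue and is not Conversations' own code. It assumes the legacy `eu.siacs.conversations.axolotl` wire format with `<key rid='…'/>` elements in the header; the function names, JIDs, device ids and stanzas are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Legacy OMEMO namespace (XEP-0384 as deployed in 2016). Assumed here:
# the thread itself never quotes a stanza.
NS = "{eu.siacs.conversations.axolotl}"

def classify(stanza_xml, own_device_id):
    """Return (status, notice); notice is the text to show the user, or None."""
    msg = ET.fromstring(stanza_xml)
    enc = msg.find(NS + "encrypted")
    if enc is None:
        return "plain", None
    sender = msg.get("from", "unknown sender")
    header = enc.find(NS + "header")
    if header is None or not header.get("sid", "").isdigit():
        return "malformed", f"Malformed OMEMO message from {sender}."
    # Each <key rid='N'/> names one recipient device the sender encrypted for.
    rids = {key.get("rid") for key in header.findall(NS + "key")}
    if str(own_device_id) in rids:
        return "for_this_device", None  # continue to normal decryption
    # Surface the event instead of dropping it silently.
    return ("not_for_this_device",
            f"OMEMO message from {sender} was not encrypted for this device.")

def stanza(body_xml):
    # Constructed sample wrapper; JIDs are placeholders.
    return ("<message from='friend@example.org/phone' "
            "to='me@example.org' type='chat'>" + body_xml + "</message>")

def omemo(sid, rids):
    # Constructed sample: key, iv and payload contents are dummy values.
    keys = "".join(f"<key rid='{r}'>AAAA</key>" for r in rids)
    return stanza("<encrypted xmlns='eu.siacs.conversations.axolotl'>"
                  f"<header sid='{sid}'>{keys}<iv>AAAA</iv></header>"
                  "<payload>AAAA</payload></encrypted>")

OWN_ID = 31415  # constructed device id of the receiving client
SAMPLES = {
    "old phone only": omemo(27183, [11111]),
    "both devices": omemo(27183, [11111, 31415]),
    "cleartext": stanza("<body>Hey, I got another phone</body>"),
}

if __name__ == "__main__":
    for name, xml in SAMPLES.items():
        print(name, "->", classify(xml, OWN_ID))
```

The "old phone only" sample corresponds to the replacement-phone case described in the comments: the sender still encrypts for the old device id, so the new device gets a notice rather than nothing.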
