I tried to cross-sign @matthewtest:arasphere.net from @matthew:matrix.org from riot/web develop to riot/web develop. It failed with:

despite matthewtest having cross-signing set up:

@ara4n What version of Synapse is on arasphere.net now? Also, do you know what version was present there when @matthewtest:arasphere.net set up cross-signing?
Interesting... also since https://github.com/matrix-org/matrix-react-sdk/commit/29af8add5d5fbfa607be40e74944b64cc4e46f35 we should fall back to legacy verification when the other user doesn't have cross-signing keys uploaded yet. Perhaps we don't disable signature upload for legacy verification?
What's happening here is that the cross-signing keys from the older server get through to the newer one but then, at some later point (for me, when the user on the older server joins the room) the device on the newer server gets a cross-signing keys update with all 3 keys undefined. It seems like this is actually the server deciding the other user doesn't have cross-signing keys after all, but the device doesn't recognise this because it only replaces keys that are truthy in the object that it gets.
Synapse sends an object with 'undefined' as the value for keys that aren't included in the update (which it probably shouldn't) but this means we can't unset any key that's undefined.
Actually I think this is at least partly due to an error affecting worker-ised synapses where it fails to write updates to cross-signing keys when updates come in via EDUs.
Filed on synapse: https://github.com/matrix-org/synapse/issues/7252
Update: one cause of this bug is now fixed, but there is another. I think 7252 would have affected anyone with existing accounts & rooms who added a device or cross-signing key, but I think 7276 will affect federated user IDs that no user on a server previously shared a room with (e.g. if you create two brand new accounts on different servers & try to verify them).
Fixed in synapse now
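The client-side behaviour described earlier in the thread (stored cross-signing keys are only replaced by truthy values, so an update with all three keys undefined cannot unset them), as an added example that is not part of the original thread and is not code from riot-web, matrix-react-sdk or Synapse. The key type names, the `null`-means-withdrawn convention and all sample values are assumptions made for illustration.

```javascript
// Added illustration; names and values are constructed, not from any Matrix SDK.
const KEY_TYPES = ["master", "self_signing", "user_signing"];

// Behaviour described in the thread: a stored key is replaced only when the
// update carries a truthy value, so `undefined` can never unset it.
function mergeTruthyOnly(stored, update) {
  const next = { ...stored };
  for (const type of KEY_TYPES) {
    if (update[type]) next[type] = update[type];
  }
  return next;
}

// Assumed convention: omitted or undefined = unchanged, null = key withdrawn.
function mergeWithExplicitRemoval(stored, update) {
  const next = { ...stored };
  for (const type of KEY_TYPES) {
    if (update[type] === null) delete next[type];
    else if (update[type] !== undefined) next[type] = update[type];
  }
  return next;
}

// Key types still held locally although the update supplied no value for them.
function staleKeyTypes(merged, update) {
  return KEY_TYPES.filter((t) => merged[t] !== undefined && !update[t]);
}

// Constructed sample state for a remote user.
const stored = {
  master: "constructed-master-key",
  self_signing: "constructed-self-signing-key",
  user_signing: "constructed-user-signing-key",
};
const allUndefined = { master: undefined, self_signing: undefined, user_signing: undefined };
const withdrawn = { master: null, self_signing: null, user_signing: null };

// The all-undefined update leaves every old key in place on the device.
const afterTruthy = mergeTruthyOnly(stored, allUndefined);
console.log("stale after truthy-only merge:", staleKeyTypes(afterTruthy, allUndefined));

// With an explicit removal marker the device can drop the keys.
const afterExplicit = mergeWithExplicitRemoval(stored, withdrawn);
console.log("keys left after explicit removal:", Object.keys(afterExplicit));
```

The all-undefined update is indistinguishable from "nothing changed" under either merge, which is why the sender needs a distinct marker for withdrawal.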