Remove protected chats #7116
Open
Remove protected chats #7116
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
link2xt
force-pushed
the
link2xt/ykltkokxntvk
branch
from
c7e6f1c to
e180d7f
Compare
link2xt
commented
Aug 16, 2025
| mimeparser: &MimeMessage, | ||
| ) -> Result<()> { | ||
| if mimeparser.get_header(HeaderDef::ChatVerified).is_none() { |
There was a problem hiding this comment.
Old Chat-Verified mechanism is completely ignored here.
All the tests now work using only the new mechanism.
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
There was a problem hiding this comment.
I have implemented the first way by moving reception into a separate PR #7147 that should go into a separate release.
| @@ -34,88 +34,112 @@ Content-Transfer-Encoding: 7bit | |||
|
|
|||
| -----BEGIN PGP MESSAGE----- | |||
|
|
|||
| wU4D5tq63hTeebASAQdATHbs7R5uRADpjsyAvrozHqQ/9nSrspwbLN6XJKuR3xcg | |||
There was a problem hiding this comment.
Payload here is replaced to have no Chat-Verified header inside and have _verified=1 in gossip headers. Payload got larger likely because rsop does not do compression and I had to reencrypt the payload.
link2xt
force-pushed
the
link2xt/ykltkokxntvk
branch
4 times, most recently
from
867c2ba to
780ca50
Compare
link2xt
force-pushed
the
link2xt/ykltkokxntvk
branch
3 times, most recently
from
53d6a2d to
a6301b9
Compare
link2xt
force-pushed
the
link2xt/ykltkokxntvk
branch
11 times, most recently
from
88700f4 to
5b31b5d
Compare
link2xt
force-pushed
the
link2xt/ykltkokxntvk
branch
from
6b67844 to
6052d1a
Compare
link2xt
force-pushed
the
link2xt/ykltkokxntvk
branch
from
6052d1a to
4e956bd
Compare
link2xt
force-pushed
the
link2xt/ykltkokxntvk
branch
from
f1389dd to
701dafe
Compare
link2xt
force-pushed
the
link2xt/ykltkokxntvk
branch
from
0b8c3ca to
904e5a3
Compare
link2xt
force-pushed
the
link2xt/lypqsuxkxulr
branch
from
ec369bc to
4ab43d6
Compare
link2xt
force-pushed
the
link2xt/ykltkokxntvk
branch
from
904e5a3 to
d8c237b
Compare
link2xt
force-pushed
the
link2xt/lypqsuxkxulr
branch
from
4ab43d6 to
355ceaa
Compare
link2xt
force-pushed
the
link2xt/ykltkokxntvk
branch
2 times, most recently
from
6d9ce24 to
b91322a
Compare
link2xt
force-pushed
the
link2xt/lypqsuxkxulr
branch
from
2000568 to
04eda07
Compare
link2xt
force-pushed
the
link2xt/ykltkokxntvk
branch
from
b91322a to
49f6b8d
Compare
link2xt
changed the base branch from
link2xt/lypqsuxkxulr
to
link2xt/recv-gossip-verified
link2xt
force-pushed
the
link2xt/ykltkokxntvk
branch
from
49f6b8d to
83a9265
Compare
link2xt
force-pushed
the
link2xt/recv-gossip-verified
branch
from
9ec820e to
ce3c94c
Compare
link2xt
force-pushed
the
link2xt/ykltkokxntvk
branch
from
83a9265 to
45c2c57
Compare
link2xt
force-pushed
the
link2xt/recv-gossip-verified
branch
from
ce3c94c to
0a89a7c
Compare
link2xt
force-pushed
the
link2xt/ykltkokxntvk
branch
from
45c2c57 to
8886ac4
Compare
link2xt
force-pushed
the
link2xt/recv-gossip-verified
branch
from
0a89a7c to
39a3111
Compare
link2xt
force-pushed
the
link2xt/ykltkokxntvk
branch
from
8886ac4 to
c64ea59
Compare
link2xt
force-pushed
the
link2xt/recv-gossip-verified
branch
from
39a3111 to
a231725
Compare
link2xt
force-pushed
the
link2xt/ykltkokxntvk
branch
from
c64ea59 to
9086f0f
Compare
This mechanism replaces `Chat-Verified` header. New parameter `_verified=1` in `Autocrypt-Gossip` header marks that the sender has the gossiped key verified. Using `_verified=1` instead of `_verified` because it is less likely to cause troubles with existing Autocrypt header parsers. This is also how https://www.rfc-editor.org/rfc/rfc2045 defines parameter syntax.
link2xt
force-pushed
the
link2xt/ykltkokxntvk
branch
from
9086f0f to
1871031
Compare
link2xt
force-pushed
the
link2xt/recv-gossip-verified
branch
from
a231725 to
1d8f4a3
Compare
Create unprotected group in test_create_protected_grp_multidev The test is renamed accordingly. SystemMessage::ChatE2ee is added in encrypted groups regardless of whether they are protected or not. Previously new encrypted unprotected groups had no message saying that messages are end-to-end encrypted at all.
link2xt
force-pushed
the
link2xt/ykltkokxntvk
branch
from
1871031 to
f5d3f7f
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Based on #7147
Since key-contacts cannot change their keys and having "verification" is less important for contact identification than having a chat history or shared chats with a contact, UIs have stopped displaying green checkmarks everywhere (deltachat/deltachat-android#3828).
There was also a bug #7107 (closed in #7113) that resulted in updating "verified by" information for already verified contacts, so the information about "verifiers" is lost.
We also want to make "verification" more meaningful by only verifying contacts if contact QR code is scanned directly within a short period of time and not just because someone used an invite link to join the group: #7111
Because of this it makes sense to reset existing verification status for contacts and start from scratch.
We can also allow to remove verification from contacts (https://support.delta.chat/t/how-would-i-remove-the-verified-checkmarks-from-one-invite-code-in-retrospect/3403) as it will not break "protected" chats anymore, but this is out of scope for this PR.
The plan is to stop creating new "protected" chats, convert already "protected" group chats into just group chats, reset existing verifications and switch to a new mechanism for verification gossip so old verifications don't resurrect via gossip.
What this PR does:
is_protection_brokenAPIs. (moved to Various protected group changes #7146)is_profile_verifiedAPI. (moved to Various protected group changes #7146)Chat-Verified: 1header._verifiedattribute forAutocrypt-Gossipand use it to indirectly verify key-contacts when such attribute is received from a verified contact (whether directly verified or not).add_partsthat result in "The message was sent by non-verified contact" messages. We likely don't need to passverified_encryptionaround, it is only used to decide whether we want to accept verification gossip from the contact.Chat.is_protected()APIs.dc_contact_is_verifieddocumentation.To close #7111 we also need to:
Closes #7080 (replace verification gossip mechanism with a new one that works using Autocrypt-Gossip header and is independent of "protected chats")
Closes #7112 (removing deprecated and unneeded APIs)