Cross-Signing device state not synced correctly

[TheJJ]

User A on homeserver a.org has 3 devices, all of them verified through cross-signing.

User B on homeserver b.org has 3 devices, also all verified.

Both do successfull cross-signing verification.

But they see each others devices as unverified afterwards. When examining a non-green device, it says @A:a.org signed in to a new session without verifying it. But that's not true, the sign-in was verified.

Version information

• riot-web 1.6.4
• synapse 1.15.0

[schildbach]

I'm seeing this too. The shield of the respective peer stays black (expected: green).

[TheJJ]

In my case, the issue seems to be that the homeserver only sends the master key for the user in /client/r0/keys/query, not the self-signing key. This is because the master key is cached on the homeserver, but not the self-signing key. I've submitted a possible fix in matrix-org/synapse#8455.

[TheJJ]

The problem still persists: Homeserver A does not have the cross-signing keys of the user @b:B in cache, but does have the devices. The cross-signing keys are not fetched, since the devices are cached.
I took another shot at it in matrix-org/synapse#10668.