# Olm unwedging

Olm sessions sometimes get out of sync, resulting in undecryptable messages.
This proposal documents a method for devices to create a new session to replace
the broken session.

## Proposal

When a device receives an olm-encrypted message that it cannot decrypt, it
should assume that the olm session has become corrupted and create a new olm
session to replace it.  It should then send a dummy message, using that
session, to the other party in order to inform them of the new session.  To
send a dummy message, clients may send an event with type `m.dummy`, and with
empty contents.

In order to avoid creating too many extra sessions, a client should rate-limit
the number of new sessions it creates per device that it receives a message
from; the client should not create a new session with another device if it has
already created one for that given device in the past 1 hour. (TODO: is 1 hour
the right amount of time?)

The spec currently says, "If a client has multiple sessions established with
another device, it should use the session from which it last received a
message." (the last paragraph of the [`m.olm.v1.curve25519-aes-sha2`
section](https://matrix.org/docs/spec/client_server/r0.4.0.html#m-olm-v1-curve25519-aes-sha2)).
When comparing the time of the last received message for each session, the
client should consider only consider messages that were successfully decrypted,
and for sessions that have never received a message, it should use the creation
time of the session.  The spec will be changed to read:

> If a client has multiple sessions established with another device, it should
> use the session from which it last received and successfully decrypted a
> message.  For these purposes, a session that has not received any messages
> should consider its creation time to be the time that it last received a
> message.

## Tradeoffs

## Potential issues

## Security considerations

## Conclusion

This proposal outlines how wedged olm sessions can be replaced by a new
session.