user-user authn is indeed orthogonal to client-server authz.
For authenticating your own devices in EX, you are forced to verify them at login. If you have other devices flying around that aren’t verified then you have to use a different app to unpick the mess - in a Matrix 2.0 world it should not be possible to get into that mess (even if the server DB rolls back). So it’s only if you have 1.x clients hanging around that you need this… at which point you might as well use the 1.x clients to unpick the mess if needed.
For verifying other users - EX should support that well as the classic apps ever did.
For authenticating your own devices in EX, you are forced to verify them at login. If you have other devices flying around that aren’t verified then you have to use a different app to unpick the mess - in a Matrix 2.0 world it should not be possible to get into that mess (even if the server DB rolls back). So it’s only if you have 1.x clients hanging around that you need this… at which point you might as well use the 1.x clients to unpick the mess if needed.
For verifying other users - EX should support that well as the classic apps ever did.