Open Bug 134949 Opened 22 years ago Updated 2 years ago

Allow signing newsgroup messages

Categories

(MailNews Core :: Security: S/MIME, enhancement)

Product:
MailNews Core
Component:
Security: S/MIME
Type:
enhancement

Tracking

(Not tracked)

People

(Reporter: KaiE, Unassigned)

References

Details

(Whiteboard: [psm-smime]) 

The account manager for mail/news should show the security panel for newsgroup
maessages, too.

It should be possible to configure signing prefs, but not encryption prefs.
QA Contact: alam → carosendahl
This is missing functionality that currently exists in 4.x clients.
Keywords: regression
Also, the doco shows a "Security" item for Newsgroup servers, too, which is
misleading. My 1.0RC2 doesn't have it, which is interesting.

However, if I write a message which goes both to a regular email recipient *and*
to a newsgroup, then it will be sent signed to both and show up fine on the
newsgroup.

This workaround does not work if I start from the newsgroup, like trying to
respond to a posted message.
*** Bug 146654 has been marked as a duplicate of this bug. ***
Body of 146654:
I set up my main email account to digitally sign messages, mostly to provide
some extra testing of dogfood.  When I compose an email message, I can disable
the signature on a per-message basis. However, I don't have that option for
newsgroup messages.  I'm not sure why we don't have a separate Security tab for
newsgroup accounts, since I don't really need to sign them, and other newsgroup
users complain that it makes them too large.



------- Additional Comment #1 From Mitchell Stoltz 2002-05-24 12:42 -------

-> PSM S/MIME. I agree that options for Mail and News should be separated in
this case.



------- Additional Comment #2 From Charles Rosendahl 2002-05-30 16:52 -------

Not sure what you mean.  Signing news messages is not officially supported in 7.0

There are two bugs that relate to what I believe you are referring to.  
One:  Switching sender should set security settings accordingly within the
composition window.  
Two:  Signing of newsgroup messages is not supported.

Currently if you enter through the email account and change the recipient type
to newsgroup, the settings are not changed.  If you enter through the newsgroup
account, the settings are not set and cannot be set unless you manually tweak
your prefs file.

marking this a duplicate of 134949 and incorporating these comments into that
bug for tracking purposes once we get around to implemeting this feature.

As an aside, I'm not sure if we should change the security settings when we
change the recipient type based on whether it is a news message or not.  Since
multiple news accounts may be configured, which news account would we set the
preferences to?  Tis better to enter through the news account directly.
Target Milestone: --- → Future
Severity: normal → enhancement
Keywords: nsbeta1
We don't support sending signed messages, without specifying own's cert for
receiving encrypted messages. (Details in bug 115294, in short: Users expect to
be all set for sending encrypted messages by receiving a signed message and we
should break that general rule.)

As a consequence, even when preparing a signed newsgroup message, we must still
know which certificate the user wants to use for receiving encrypted messages.
Because we have that as a separate configuration option, we need to include the
encryption box for newsgroup accounts, too.

The only thing we can (and should) change in the newsgroup prefs UI: the "use
encryption" setting. I vote that we do not remove it from the UI, but force
selection of "never encrypt" and disable the "require encryption" in the UI.
Argument 1: The user will be aware that encryption for newsgroups is not
possible / supported. Argument 2: I heard there is a RFC how S/Mime newsgroup
encryption could work, and at some point in the future we might want to support
that.


So the work required to implement this bug is: Activate showing the tab and lock
the encryption setting to "never". Users will need to configure both
certificates for newsgroup accounts, too.

I don't want to work on this before 160499 is done. I realize the logic to
enable/disable controls in the S/Mime prefs UI is not consistent with the
application behaviour. We should fix that before we make the enable/disable
logic more complex (for newsgroup settings).
Depends on: 160499
We should still allow users to include an encryption cert in a signed newsgroup
message.

There could be a checkbox that says: "include this encryption certificate in my
signed message".


Another reason for allowing the inclusion of the encryption cert:  replying back
directly to the sender rather than the news group containing the news posting
allows the opportunity to encrypt the reply.
I'm confused.

I believe we already agree, but you seem to think we do not. I guess my comments
were unclear.

In my comments I wanted to say: "Yes, we need to require the user to configure
both".

No disagreement

Comment #5 is clear - I just wanted to add the basic reason why a sender's
encryption cert would be added to a newsgroup message in the first place.

As far as I can see we have - 
reply to newspgroup:  signing only, no encryption possiblie
reply all: siging only, no encryption possible (the list includes one or more
newsgroups)
reply to sender: encryption possible
forward:  encryption possible

These may be accessed via the menu bar, tool bar, and the right mouse button. 
One thing to look at would be default settings:  when replying to sender or
forwarding, we implicitly switch from the newsgroup to a mail account.

Thanks for your comments.

I'd like to fix this bug together with other changes and have attached a
proposed patch to bug 115294.
Depends on: 115204
Depends on: 115294
No longer depends on: 115204
The strategy has changed, I no longer can fix this bug together with bug 115294.
They are again separate issues.
No longer depends on: 115294
Product: PSM → Core
QA Contact: carosendahl → s.mime
Product: Core → MailNews Core
Assignee: kaie → nobody
Whiteboard: [psm-smime]

Kai, please review severity and keyword, and either remove "regression" (and keep enhancement) or change severity to not be "enhancement". Thanks

Flags: needinfo?(kaie)
Target Milestone: Future → ---
Version: Other Branch → Trunk

This is a regression in comparison to the very old Netscape 4.x email client.

But given that newsgroups are no longer that popular, I think it's no longer necessary to treat this with a regression label.
I think in 2019 this is a nice-to-have with a very low priority.

Flags: needinfo?(kaie)
Keywords: regression
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.