Closed Bug 1532575 Opened 6 years ago Closed 5 years ago

Rename "Security" account preferences to "S/MIME Security"

Categories

(Thunderbird :: Account Manager, enhancement)

Product:
Thunderbird
Component:
Account Manager
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1603809

People

(Reporter: KaiE, Assigned: KaiE)

References

Details

Attachments

(1 obsolete file)

Edit / Account Settings.
The left hand side shows a section for each configured account.

Indented below each account, we have sub-categories of settings.
One category is named "Security".

That category is used for settings that are related to S/MIME.

I suggest to rename it to "S/MIME Security", because I presume we'll add additional security related categories in the future.

Good idea. Would need to update documenation, and do well before string freeze :)

Component: Preferences → Account Manager
Attached patch 1532575-v1.patch (obsolete) — Splinter Review
Assignee: nobody → kaie
Attachment #9050308 - Flags: review?(alessandro)

As additional context, when installing the Enigmail Add-on, an additional sub-category will be shown inside account settings, which is named "OpenPGP Security".

Comment on attachment 9050308 [details] [diff] [review] 1532575-v1.patch Review of attachment 9050308 [details] [diff] [review]: ----------------------------------------------------------------- I'm not sure about this. I'd recommend to avoid using acronyms in menu items because it could be confusing for users that are not used to them. What if we rename it as "Security & Encryption", and we leave the S/MIME explanation in the description? In this way, we can keep the consistency with other menu voices like "Copies & Folder" or "Synchronization & Storage", and prevent confusions for less tech-savvy users. Thoughts?

Today, with Enigmail Add-On installed, we have two tabs related to security, named:

  • OpenPGP Security
  • Security

With your suggestion, we'd have:

  • OpenPGP Security
  • Security & Encryption

I don't think that's an improvement, and doesn't help the user to understand what the "Security & Encryption" tab is about, in comparison to the "OpenPGP Security" tab. Both are related to security, both are related to encryption.

With my suggestion, we'd have:

  • OpenPGP Security
  • S/MIME Security

Would reordering the terms help to avoid confusion?

We could rename our current tab to

  • Security (S/MIME)

and ask the author of Enigmail to rename their tab to

  • Security (OpenPGP)

Also note that renaming the tab to "Security & Encryption" could be seen as misleading, because it's incomplete.

Security is a general term.

S/MIME security is used for both "Encryption" and "Digital Signatures".
(The same can be said for OpenPGP.)

Thanks for the clarification, and I totally agree with your point.

I think we can safely use the format you proposed:

  • OpenPGP Security
  • S/MIME Security

And avoid to introduce parenthesis in tab names.

Attachment #9050308 - Flags: review?(alessandro) → review+

Thanks Alessandro.

Jörg, I'm changing both Thunderbird and SeaMonkey strings, because they are currently identical. Is it fine to check in both?

Keywords: checkin-needed
Comment on attachment 9050308 [details] [diff] [review] 1532575-v1.patch Sorry, this is wrong. You need to use new entities if you want to change strings. Kai, please get an appropriate reviewer, Alex can do UI reviews for now.
Attachment #9050308 - Flags: ui-review?(mkmelin+mozilla)
Attachment #9050308 - Flags: review-
Attachment #9050308 - Flags: review+
Comment on attachment 9050308 [details] [diff] [review] 1532575-v1.patch Jörg, thanks for the reminder. I'll update the patch.
Attachment #9050308 - Attachment is obsolete: true
Attachment #9050308 - Flags: ui-review?(mkmelin+mozilla)

I actually had ui-r?mkmelin since he is also a UX peer. Personally I wouldn't do what you suggested. Sure, it's a good idea to do when OpenPGP arrives, but before that, we don't need to clutter the UI with "S/MIME" everywhere, especially since most users aren't interested.

Flags: needinfo?(mkmelin+mozilla)

but out of compasion for people who do documentation and l10n, should it not be done today with the likely future wording so we don't have to redo the doc and l10n later?

I don't want to push hard on this. I thought it's a nice consistency change for all users who already have Enigmail installed, and could probably still be beneficial at a later time. But if you'd like to postpone this change, fine with me.

I'd like to here Magnus opinion and the bigger picture. OpenPGP may arrive in, well, more than six month, and we might have a totally UI concept by then. That said, looking at the changes now, they are minimal. Which panel exactly are they on? The compose Window already has "S/MIME" on it, so to change two more labels for consistency is possibly a good idea.

Did I just change my mind ;-) - That's OK. OK, let's do it if Magnus agrees. Maybe land that after the next merge so give translators more than a day.

The geek in me likes the change... but I'm not sure it's ok to toss terms like S/MIME in the face of the regular user.

So I think we might want to hold off on this. There's really a lot, (lot!) to improve around this... and if we change it here, there are other places too that are Security, like in the compose window. That should probably be using the same term.

<rant>
I'm not convinced it's even Security. What we're talking about is really Encryption. The UI for the pane is unwieldy and fails to communicate that in reality the signing is primarily a vehicle to spread your signing key. There probably should not even be two fields to set up keys either (the UI does helpfully prompt you to use the same if you try something else). The text is also incorrect I believe: whatever cert you have install that matches will be used to decrypt. Then, the defaulting of encryption mode: well, required is pretty much a no-op for anyone. It's just not gonna work out, and the poor users who set that except in high security environments aren't going to be happy. For a normal user, encrypt when possible + an option to warn would probably serve some usefulness (topic for another discussion though).
</rant>

Flags: needinfo?(mkmelin+mozilla)

I don’t get it? Why rename Security to S/MIME Security? For thr smaal amount of Enigmail users? Enigmail can change the strings by itself, if there is such a need to make the distinction with Enigmail installed. Without Enigmail this only makes it more confusing for “normal” users…

(In reply to Onno Ekker [:nONoNonO UTC+1] from comment #18)

I don’t get it? Why rename Security to S/MIME Security? For thr smaal amount of Enigmail users? Enigmail can change the strings by itself, if there is such a need to make the distinction with Enigmail installed. Without Enigmail this only makes it more confusing for “normal” users…

Now I can answer your question - because we're trying to integrate OpenPGP support.

(In reply to Magnus Melin [:mkmelin] from comment #17)

The geek in me likes the change... but I'm not sure it's ok to toss terms like S/MIME in the face of the regular user.

OTOH Alex wasn't opposed to using it, see comment 9.

<rant>

Your comment is fair, no need to label it as a rant :)

I'm not convinced it's even Security. What we're talking about is really Encryption.

I'm OK to switch to the term "Encryption". But an even more precise label would be "Encryption & Signing".

The UI for the pane is unwieldy and fails to communicate that in reality the signing is primarily a vehicle to spread your signing key. There probably should not even be two fields to set up keys either (the UI does helpfully prompt you to use the same if you try something else). The text is also incorrect I believe: whatever cert you have install that matches will be used to decrypt. Then, the defaulting of encryption mode: well, required is pretty much a no-op for anyone. It's just not gonna work out, and the poor users who set that except in high security environments aren't going to be happy. For a normal user, encrypt when possible + an option to warn would probably serve some usefulness (topic for another discussion though).

I fully agree this existing UI isn't great, and we should change it as part of adding new pref UI for OpenPGP.

I'll soon file a new bug, and will incorporate your suggestions from here.
I'll mark this bug as a dupe of the new, more general bug.

Magnus, I'll also file a separate bug for "encrypt if possible". I agree it would be nice to have. But that will require some additional logic and UI elements.

(In reply to Magnus Melin [:mkmelin] from comment #17)

The text is also incorrect I believe: whatever cert you have install that matches will be used to decrypt.

It's correct for decryption.

However, this configuration is relevant when sending S/MIME messages. Messages will transmit own's preferred encryption certificate to the recipient.

The local user might have more then one certificate matching the account's email address. Advanced users need to ability to configure the cert they want peers to use when encrypting for the local user.

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE
See Also: → 135636
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: