Open Bug 1630395 Opened 5 years ago Updated 3 years ago

In composer, show message digital signature "configuration"

Categories

(MailNews Core :: Security: OpenPGP, enhancement, P3)

Product:
MailNews Core
Component:
Security: OpenPGP
Type:
enhancement

Tracking

(Not tracked)

People

(Reporter: KaiE, Unassigned)

References

(Blocks 1 open bug)

Details

See also the comments in meta bug 1595226.

When sending, will we add a digital signature to the current message?

This is simple to do. If an encryption technology is configured, signing is always possible, without requiring any external data.
(Assuming the user unlocks the master password correctly, if one is configured.)

We should give the user a visual feedback if signing is currently enabled or disabled.

We currently do the same that was done in the past.
If enabled, we'll show an icon in the status bar that symbolizes a signature.
We use an envelope with a signet (now green, it was red in the past).

I think this might be OK initially, also given that this is how it was done in the past.
I'd give this bug a lower priority.

However, we could think about potentially improving it.

The signature is related to the "from" address.
So potentially we could show the signature icon next to the "from" address selection?

In the design that I shared on Topicbox this week, I'm not giving any visibility to the signature outside of the Encryption menu.

I found again this ticket while cleaning up my notes and wanted to check with you.

Displaying a (clickable) icon for signature near the From field, as you suggested, seems to make sense without adding too much noise. The at-risks users that I interviewed in August didn’t care or didn’t even know about the cryptographic signature of OpenPGP, but this might be an opportunity to educate them. I don't think that we should give as much importance to signature as to encryption in the UI but a clickable icon might be just right.

Shall add this to my prototype and test it with users next time, or did you change your mind on the importance of making signatures visible in the composer?

The signature is related to the "from" address.

But it is, essentially, not about that except for on the very technical level. Regarding encrypted emails, NOT signing is giving up security: yes the message can't be seen while traveling over the network, but the recipient is put in a vulnerable situation and can easily be tricked by a powerful adversary. It's not about "proving it's you", in the way normal users would think about it. (If the text looks like it's written by their mom, of course it was their mom who sent it, right?!).

Since reasons for signing can't be understood easily, I think the signing should always be on and only hide away the advanced option to disable it.

The at-risks users that I interviewed in August didn’t care or didn’t even know about the cryptographic signature of OpenPGP

That is indeed a very serious problem regarding incoming as well. Bug 1731984.
I don't think education can help users in general: it's way too complex to explain so that the average person would care about those details... It's on the software to do reasonable defaults and reasonable display for each case.

I think we should close this bug wontfix, or even change the current setup to display an insecure encryption icon if you do not sign.

In our work on bug 1627956 we decided not to do that and I think that we should close this as WONTFIX.

See Also: → 1627956
You need to log in before you can comment on or make changes to this bug.