Open Bug 1630433 Opened 5 years ago Updated 3 years ago

In composer, show individual message encryption "status"

Categories

(MailNews Core :: Security: OpenPGP, enhancement)

Product:
MailNews Core
Component:
Security: OpenPGP
Type:
enhancement

Tracking

(Not tracked)

People

(Reporter: KaiE, Unassigned)

References

(Depends on 1 open bug, Blocks 1 open bug)

Details

This is related to bug 1630416. We should implement bug 1630416 first.

Bug 1630416 requests an "overall" encryption status for the whole message, e.g. a text in the status bar.

This bug suggests that we provide additional assistance to the user, by telling the user which recipients are problematic.

Alessandro had suggested that we could potentially display a status icon next to each recipient "pill" in the to/cc/bcc fields.

Possible states

  • problem: no public key/certificate available for user (or all the keys that we have are unusable because they are expired, revoked, or have been marked by the user as rejected/blacklisted)
  • problem: at least one key is available, but no keys have been "accepted" yet (the user hasn't decided if using encryption with that correspondent is acceptable, or which key out of several options should be used)
  • good status: we have an accepted and valid key

In addition to the "good status", we could show an additional status, "ambiguity". This happens if we have an accepted and valid, but in addition, we discovered an alternative key (e.g. it arrived in an email). This scenario could either mean this recipient has switched to a new key - or it could be an attacker trying to trick us. There's no automatic mechanism to decide which of both is true. All we can do is make the user aware, suggest to review the situation, possibly communicate with the recipient or use secondary sources to learn more, and make a decision.

Icon suggestion:

We need a "public key" for each recipient, which might be missing, or have an undecided status, a good (unverified or verified) status, or an ambiguity in addition to a good status.

It might be reasonable to use symbols that match what we use when showing the status of a signature (which is related to the status of the key that was used to create the signature).

  • (1) Key missing: a key striked out with a red X (blocker)

  • (2) Key available, but not yet decided: a key with a question mark (red background, because this is a blocker)

  • (3) Key available and previously accepted, but unverified: A key with an orange warning sign

  • (4) Key available and verified: A key with a green checkmark

  • (5) Key ambiguity: a key with a question mark, shown on an orange background (because it is NOT a blocker)? Ideas welcome. This icon would be shown at the same time with icons (3) or (4), if necessary.

From the user's POV, all they should need to know is "will this be sent encrypted or not". If yes, we figure out the details in the next step.
Having to understand about keys and their various states is just adding confusion. Problem situations need to be dealt with and explained, and an icon is not enough for that.

Our work on bug 1627956 will solve this.

See Also: → 1627956
You need to log in before you can comment on or make changes to this bug.