Closed Bug 1631247 Opened 11 months ago Closed 11 months ago

Support additional mechanisms to obtain sender's public OpenPGP key

Categories

(MailNews Core :: Security: OpenPGP, enhancement)

enhancement

Tracking

(Not tracked)

RESOLVED FIXED
Thunderbird 77.0

People

(Reporter: KaiE, Assigned: KaiE)

References

(Blocks 1 open bug)

Details

Attachments

(3 files, 1 obsolete file)

Even with bug 1631198 fixed, the sender's key, e.g. the one used for creating a signature, might be unavailable.

Based on existing Enigmail code, I've implemented additional mechanism to assist the user.

Even without having the key yet, we can obtain the ID of the key used to create the signature. The only way to reliably way search by key ID is by using a key server.

How do we invite the user to search for the missing key? We can reconsider how to present that, but to get started, I used a notification line at the bottom of the email, saying "Message was signed with a key that you don't have yet", and a button "Search Internet…"

What happens if the key is found? With our approach to give the user control, I think we should use the usual "do you want to import" question, and when imported, show the summary of what happened.

While workin on that, I noticed a detail, which I had missed in the past.

The "successfully imported" dialog contains a link "Details", which opens the key details dialog, the one which also allows the user to configure the acceptance of the key.

I think this is great. But I think that needs to be more discoverable. Right now, the one word link "Details" is easily missed (at least I missed it previously).

So, I've made two changes to that confirmation dialog: Replaced the text "Details" with the longer text "View Details and manage Key Acceptance" and moved it to the bottom. Because this text is shown in blue as a hyperlink, it's much more noticeable.

Also, there was a big green checkmark in that dialog. I think that's distracting, it gives the impression "everything's done", which is no longer correct - because after importing completed, the user should consider what to do with this new key (review and configure acceptance). To avoid the distraction, I've removed the green checkmark.

Now, an email might be encrypted, only, not signed. And it might be missing a key attachment. I think we should offer the user a mechanism to search the Internet for the sender's public key. (Enigmail did this in the past with a button on the top.) I have an alternative suggestion, with an initial implementation. When clicking any recipient in an email, we currently show a right click popup menu. I've added a menu entry "Search Internet for OpenPGP Key". When clicked, we'll check two places: Using the WKD mechanism on the mail provider's server (for those servers that offer it), and it that fails, we'll search a keyserver (keys.openpgp.org). Again, contrary to what Enigmail did in the past, the user needs to manually confirm importing of the found key (to ensure the user is aware and has control), and also the import success report (with the option to open details and configure the acceptance).

This required a change to the keyserver.jsm code, to support downloading without immediate importing. (I need to change the remaining keyserver mechanisms to support that, too. For now, it's implemented for the vks mechanism only, but can easily merged over to the others.)

As a ride along, I've completely removed the hidden status element in the mail reader header area (which we hid in bug 1624939 comment 7). Instead, the code prints the details of the verification as a debug statement on the console (until we have implemented the detailed feedback in secondary UI, message security info).

Attached image sig-no-key.png (obsolete) —

Screenshot shows two details:

  • button line with "signed with a key that you don't have yet"
  • popup menu on message participant "Search Internet for OpenPGP Key"
Attached image imported-feedback.png

Screenshot shows the updated "import done feedback" dialog, with the green checkmark removed, and the more noticeable link to open the details and acceptance settings.

Attachment #9141521 - Attachment is obsolete: true
Attached image sig-no-key.png

I wasn't able to take a screenshot of the popup menu.

Here's a reduced screenshot of the bottom line.
(only shown if a message is signed, but the signature key is unavailable)

(In reply to Kai Engert (:KaiE:) from comment #3)

Created attachment 9141522 [details]
imported-feedback.png

Screenshot shows the updated "import done feedback" dialog, with the green checkmark removed, and the more noticeable link to open the details and acceptance settings.

On the first spontaneous view I was missing the expiry date of the imported key. I understand to keep the information displayed es little and easy as possible, but I think the expiry date is reasonable to display for the user at the first view here.
Maybe for this general display, the display of dates could be less precise (and therefore easier to read), the longer it is in the past or future, e.g. if the key is older than 12 months (or more than 12 months valid), display just "Month Year" like "April 2001".

BTW Please do not display date in confusing format "01/31/12" better display iso 8601 format "2012-01-31" (or "2001-12-31" in this case?).

(In reply to bugzilla0248 from comment #5)

BTW Please do not display date in confusing format "01/31/12" better display iso 8601 format "2012-01-31" (or "2001-12-31" in this case?).

The date format should correspond to the date format the user has chosen, and that is used throughout the rest of Thunderbird. If Kai uses the format mm/dd/yy then, that's perfectly correct.

We can consider adding the expiry, you could file a separate bug to request it.

Regarding the time format display, actually it's not working correctly. I had noticed a mismatch in the past. Let's fix it now, I've filed bug 1631599.

(In reply to Kai Engert (:KaiE:) from comment #7)

We can consider adding the expiry, you could file a separate bug to request it.

On the other hand, it's unnecessary. Did you notice that you can click on "details" and you'll see the full details? The first confirmation is just a quick summary. Potentially we could consider to show less information in that dialog, and encourage the user to open the details.

(In reply to Kai Engert (:KaiE:) from comment #8)

Did you notice that you can click on "details" and you'll see the full details? The first confirmation is just a quick summary.
Yes, I did notice. It's only, as the key creation date is shown, I was missing the in my opinion more important information, what the key expiry date is, that confirms that it's still valid, or that it e.g. will become invalid in one week. Maybe there could only be shown the information "valid for x days/weeks/months/years" (use only the biggest unit that has no fraction), or maybe only "key is valid". I do not want to file a bug for this detail, this is just a quick user feedback.

Pushed by kaie@kuix.de:
https://hg.mozilla.org/comm-central/rev/1265c97794fd
Support additional mechanisms to obtain sender's public OpenPGP key. r=PatrickBrunschwig

Status: NEW → RESOLVED
Closed: 11 months ago
Resolution: --- → FIXED
Target Milestone: --- → Thunderbird 77.0
You need to log in before you can comment on or make changes to this bug.