Open Bug 1634524 Opened 1 year ago Updated 1 year ago

If we already have a public key, allow importing a key update, even if the update has no user ID

Categories

(MailNews Core :: Security: OpenPGP, enhancement)

Tracking

(Not tracked)

People

(Reporter: KaiE, Unassigned)

References

(Blocks 1 open bug)

Details

A public key is a data package with attributes, and over time, more attributes can be attached to it. It's also possible to strip some attributes, without invalidating the key completely.

With bug 1633605, we'll require that imported keys contain a valid user ID, because otherwise they aren't usable in a user-friendly way.

However, for convenience, it can be useful to pull key updates from a public key server, for example to retrieve updated meta information made by the key owner, such as an extended validity period or a revocation.

Some users might refuse to expose their user name and email address information in a public directory (e.g. a key server); nevertheless, sharing the other metadata publicly can be useful.

Therefore a key server might strip all user IDs from a key, and offer it when searching for the key's technical ID (key ID or fingerprint).

Thunderbird should support obtaining updated meta information from keys offered by public directories, even if those keys don't contain any user ID information.

This makes sense only if we have already imported a version of the public key that includes the user ID information.
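The import rule proposed in this report, sketched as an added example (not Thunderbird or RNP code): a minimal OpenPGP packet walker checks whether a key blob carries a User ID packet and whether its primary key is already in the local keyring. The function names, the return strings and the sample blobs are assumptions made for illustration, and signatures are not verified.

```javascript
// Added example; names are hypothetical, not Thunderbird or RNP code.
const TAG_PUBLIC_KEY = 6, TAG_USER_ID = 13;
const readBE = (b, at, n) => b.slice(at, at + n).reduce((v, x) => v * 256 + x, 0);
// Split a binary (unarmored) OpenPGP blob into {tag, body} packets (RFC 4880, 4.2).
function parsePackets(bytes) {
  let i = 0; const packets = [];
  while (i < bytes.length) {
    const hdr = bytes[i++];
    if (!(hdr & 0x80)) throw new Error("not an OpenPGP packet header");
    let tag, len;
    if (hdr & 0x40) {                          // new-format header
      tag = hdr & 0x3f;
      const o = bytes[i++];
      if (o < 192) len = o;
      else if (o < 224) len = (o - 192) * 256 + bytes[i++] + 192;
      else if (o === 255) { len = readBE(bytes, i, 4); i += 4; }
      else throw new Error("partial body lengths not handled");
    } else {                                   // old-format header
      tag = (hdr >> 2) & 0x0f;
      if ((hdr & 3) === 3) throw new Error("indeterminate length not handled");
      const n = 1 << (hdr & 3);                // 1, 2 or 4 length octets
      len = readBE(bytes, i, n); i += n;
    }
    if (!(i + len <= bytes.length)) throw new Error("truncated packet");
    packets.push({ tag, body: bytes.slice(i, i + len) });
    i += len;
  }
  return packets;
}

const primaryOf = (p) => (p[0] && p[0].tag === TAG_PUBLIC_KEY ? p[0].body : null);
const hasUserId = (p) => p.some((x) => x.tag === TAG_USER_ID);
const sameBytes = (a, b) => a.length === b.length && a.every((v, k) => v === b[k]);

// Policy from the report. Byte-equal primary key packets imply the same fingerprint.
// Signatures are NOT verified here; a real importer must check each one before merging.
function importDecision(keyring, incoming) {
  const inc = parsePackets(incoming);
  const pk = primaryOf(inc);
  if (!pk) return "reject";
  const known = keyring.map(parsePackets).find((k) => primaryOf(k) && sameBytes(primaryOf(k), pk));
  if (hasUserId(inc)) return known ? "merge" : "import";
  return known && hasUserId(known) ? "merge" : "reject";
}
// Constructed sample blobs: fake key material, one-octet new-format lengths.
const pkt = (tag, body) => [0xc0 | tag, body.length, ...body];
const KEY = [4, 0, 0, 0, 1, 22, 9, 9, 9];
const UID = Array.from("alice@example.test", (c) => c.charCodeAt(0));
const full = Uint8Array.from([...pkt(6, KEY), ...pkt(13, UID), ...pkt(2, [1])]);
const stripped = Uint8Array.from([...pkt(6, KEY), ...pkt(2, [2])]); // update, no user ID
```

With these samples, `importDecision([full], stripped)` returns `"merge"`, while the same stripped blob offered to an empty keyring is rejected.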