Implement "message security info" for received OpenPGP messages
Categories
(MailNews Core :: Security: OpenPGP, enhancement)
Tracking
(thunderbird77 fixed)
Tracking | Status | |
---|---|---|
thunderbird77 | --- | fixed |
People
(Reporter: KaiE, Assigned: KaiE)
References
(Blocks 1 open bug)
Details
Attachments
(4 files, 3 obsolete files)
Equivalently to the existing S/MIME implementation, we need to allow the user to view detailed OpenPGP status information for a received message.
That information is shown if the user clicks a encryption/signature status icon (in a popup dialog).
The dialog should explain why the specific status is shown, and allow the user to view the respective available keys.
Assignee | ||
Comment 1•4 years ago
|
||
Assignee | ||
Comment 3•4 years ago
|
||
Magnus, this patch also adds a label below the status icons. This allows the user to understand to which technical mechanism the shown signature/encryption icons refer. It shows either the text OpenPGP or S/MIME.
I think this might be a useful information to have, given that otherwise it isn't obvious what kind of email is being received. This might be especially helpful for users who had formerly used S/MIME.
We could discuss in a follow-up if this information should be shown elsewhere, or differently.
Assignee | ||
Comment 4•4 years ago
|
||
This is an example screenshot for the detailed info dialog that this patch provides.
The dialog contents are dynamic.
The "view" buttons might be absent, either of them could be shown or not shown.
Assignee | ||
Comment 5•4 years ago
|
||
Assignee | ||
Comment 6•4 years ago
|
||
Assignee | ||
Comment 7•4 years ago
|
||
Note the patch reuses some of the strings that are used for S/MIME, which are to be generic and apply to OpenPGP, too.
Comment 8•4 years ago
|
||
Comment on attachment 9148319 [details]
openpgp-info.png
Could be preferable to have the headers fixed. Some suggested wording too
* Encryption *
This message was encrypted before it was sent to you. [The other part I'd leave out, I think it's slightly misleading since it's not "people" and the actual network connections are mostly secure anyway].
For encryption your public key 0x632......... was used.
(make the key id a link to open the view).
* Who sent it *
This message was digitally signed by someone. You haven't yet determined who that someone is.
Signer key ID is 0x40DC...... [Configure...]
Comment 9•4 years ago
|
||
Comment on attachment 9148321 [details]
openpgp-label.png
For these, it would be better to just add the technology to the icon and use slightly different icons. I think this is too much.
Comment 10•4 years ago
|
||
(In reply to Kai Engert (:KaiE:) from comment #7)
Note the patch reuses some of the strings that are used for S/MIME, which are to be generic and apply to OpenPGP, too.
For message security reuse between S/MIME and OpenPGP to tell about the situation sounds like trouble.
Updated•4 years ago
|
Assignee | ||
Comment 11•4 years ago
|
||
I'd prefer to get the initial patch committed, and work on fine tuning the wordings in a follow-up but, as this is important functionality for people who are trying the new feature.
Comment 12•4 years ago
|
||
If I can be of any help, I can handle the polish (or redesign) of the icons and dialog once this first implementation is completed.
I agree that having those OpenPGP
and S/MIME
labels underneath the icons is a bit too much, but better land the architecture and then focus on the visuals, as those take extra time to nail down, especially icon design.
Regarding the Message Security dialog, I think visually we should keep it as close as possible to what we have for S/MIME, since the context is the same (showing the current security of the message) no matter the type of protocol used, but obviously applying the proper string changes.
Let me know if I can help.
Assignee | ||
Comment 13•4 years ago
|
||
Thanks Alessandro for your feedback.
I also had a meeting with Magnus in the meantime.
Magnus was willing to accept that we use the patch (mostly) as is, for the initial step, but he asks that we rework it later. I'll file a bug.
There was one detail that he thinks should be changed before landing, and this is the point that Alessandro raised, too: The S/MIME and OpenPGP labels shouldn't be shown directly next to the icons.
I suggested that we most the message protocol (S/MIME or OpenPGP) to a text element inside the security info dialog, and Magnus agreed to that. I'll work on a new patch to implement that.
Assignee | ||
Comment 14•4 years ago
|
||
EXISTING sec info dialog if there's neither openpgp nor s/mime in use
no change
Assignee | ||
Comment 15•4 years ago
|
||
S/MIME security info.
This dialog is already existing.
There is only one change: The "S/MIME" label has been added in the upper right corner.
With this approach we don't have to change any existing strings.
Assignee | ||
Comment 16•4 years ago
|
||
Security info for an OpenPGP message.
Added the OpenPGP label to the upper right.
Comment 17•4 years ago
|
||
Please add the 0x notation too, since it's used elsewhere.
Assignee | ||
Comment 18•4 years ago
|
||
(In reply to Magnus Melin [:mkmelin] from comment #17)
Please add the 0x notation too, since it's used elsewhere.
Good suggestion, fixed in phab.
Comment 19•4 years ago
|
||
Pushed by kaie@kuix.de:
https://hg.mozilla.org/comm-central/rev/b0aeb62aae1d
Implement "message security info" for received OpenPGP messages. r=PatrickBrunschwig,mkmelin
Assignee | ||
Comment 20•4 years ago
|
||
Comment on attachment 9147821 [details]
Bug 1637458 - Implement "message security info" for received OpenPGP messages. r=PatrickBrunschwig,mkmelin
Request to uplift OpenPGP improvements to Beta 77
Bug 7 of 9
https://hg.mozilla.org/comm-central/rev/b0aeb62aae1d
[Approval Request Comment]
Testing completed (on c-c, etc.): yes
Risk to taking this patch (and alternatives if risky): only affects openpgp
Comment 21•4 years ago
|
||
Comment on attachment 9147821 [details]
Bug 1637458 - Implement "message security info" for received OpenPGP messages. r=PatrickBrunschwig,mkmelin
Approved for beta
Assignee | ||
Comment 22•4 years ago
|
||
Updated•4 years ago
|
Description
•