Closed Bug 1637458 Opened 4 years ago Closed 4 years ago

Implement "message security info" for received OpenPGP messages

Categories

(MailNews Core :: Security: OpenPGP, enhancement)

Tracking

(thunderbird77 fixed)

RESOLVED FIXED
Thunderbird 78.0

People

(Reporter: KaiE, Assigned: KaiE)

References

(Blocks 1 open bug)

Attachments

(4 files, 3 obsolete files)

Equivalently to the existing S/MIME implementation, we need to allow the user to view detailed OpenPGP status information for a received message.

That information is shown if the user clicks an encryption/signature status icon (in a popup dialog).

The dialog should explain why the specific status is shown, and allow the user to view the respective available keys.

Magnus, this patch also adds a label below the status icons. This allows the user to understand to which technical mechanism the shown signature/encryption icons refer. It shows either the text OpenPGP or S/MIME.

I think this might be useful information to have, given that otherwise it isn't obvious what kind of email is being received. This might be especially helpful for users who had formerly used S/MIME.

We could discuss in a follow-up if this information should be shown elsewhere, or differently.

Attached image openpgp-info.png (obsolete)

This is an example screenshot for the detailed info dialog that this patch provides.

The dialog contents are dynamic.
The "view" buttons might be absent, either of them could be shown or not shown.

Attached image openpgp-label.png (obsolete)
Attached image smime-label.png (obsolete)

Note the patch reuses some of the strings that are used for S/MIME, which are to be generic and apply to OpenPGP, too.

Comment on attachment 9148319 [details]
openpgp-info.png

Could be preferable to have the headers fixed. Some suggested wording too

* Encryption * 

This message was encrypted before it was sent to you. [The other part I'd leave out, I think it's slightly misleading since it's not "people" and the actual network connections are mostly secure anyway]. 

For encryption your public key 0x632.........  was used.
(make the key id a link to open the view). 

* Who sent it *

This message was digitally signed by someone. You haven't yet determined who that someone is. 

Signer key ID is 0x40DC...... [Configure...]

Comment on attachment 9148321 [details]
openpgp-label.png

For these, it would be better to just add the technology to the icon and use slightly different icons. I think this is too much.

(In reply to Kai Engert (:KaiE:) from comment #7)

> Note the patch reuses some of the strings that are used for S/MIME, which are to be generic and apply to OpenPGP, too.

For message security reuse between S/MIME and OpenPGP to tell about the situation sounds like trouble.

Status: NEW → ASSIGNED

I'd prefer to get the initial patch committed, and work on fine tuning the wordings in a follow-up bug, as this is important functionality for people who are trying the new feature.

If I can be of any help, I can handle the polish (or redesign) of the icons and dialog once this first implementation is completed.

I agree that having those OpenPGP and S/MIME labels underneath the icons is a bit too much, but better land the architecture and then focus on the visuals, as those take extra time to nail down, especially icon design.

Regarding the Message Security dialog, I think visually we should keep it as close as possible to what we have for S/MIME, since the context is the same (showing the current security of the message) no matter the type of protocol used, but obviously applying the proper string changes.

Let me know if I can help.

Thanks Alessandro for your feedback.
I also had a meeting with Magnus in the meantime.

Magnus was willing to accept that we use the patch (mostly) as is, for the initial step, but he asks that we rework it later. I'll file a bug.

There was one detail that he thinks should be changed before landing, and this is the point that Alessandro raised, too: The S/MIME and OpenPGP labels shouldn't be shown directly next to the icons.

I suggested that we move the message protocol (S/MIME or OpenPGP) to a text element inside the security info dialog, and Magnus agreed to that. I'll work on a new patch to implement that.

Attached image no-crypto.png

EXISTING sec info dialog if there's neither openpgp nor s/mime in use

no change

Attached image smime.png

S/MIME security info.

This dialog already exists.

There is only one change: The "S/MIME" label has been added in the upper right corner.

With this approach we don't have to change any existing strings.

Attachment #9148319 - Attachment is obsolete: true
Attachment #9148321 - Attachment is obsolete: true
Attachment #9148322 - Attachment is obsolete: true

Attached image openpgp.png

Security info for an OpenPGP message.
Added the OpenPGP label to the upper right.

Please add the 0x notation too, since it's used elsewhere.

(In reply to Magnus Melin [:mkmelin] from comment #17)

> Please add the 0x notation too, since it's used elsewhere.

Good suggestion, fixed in phab.

Pushed by kaie@kuix.de:
https://hg.mozilla.org/comm-central/rev/b0aeb62aae1d
Implement "message security info" for received OpenPGP messages. r=PatrickBrunschwig,mkmelin

Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED

Comment on attachment 9147821 [details]
Bug 1637458 - Implement "message security info" for received OpenPGP messages. r=PatrickBrunschwig,mkmelin

Request to uplift OpenPGP improvements to Beta 77

Bug 7 of 9

https://hg.mozilla.org/comm-central/rev/b0aeb62aae1d

[Approval Request Comment]
Testing completed (on c-c, etc.): yes
Risk to taking this patch (and alternatives if risky): only affects openpgp

Attachment #9147821 - Flags: approval-comm-beta?

Comment on attachment 9147821 [details]
Bug 1637458 - Implement "message security info" for received OpenPGP messages. r=PatrickBrunschwig,mkmelin

Approved for beta

Attachment #9147821 - Flags: approval-comm-beta? → approval-comm-beta+
Target Milestone: --- → Thunderbird 78.0