Closed Bug 1639250 Opened 5 years ago Closed 4 years ago

OpenPGP signature shown as invalid, if sender's key expired

Categories

(MailNews Core :: Security: OpenPGP, defect)

Tracking

(thunderbird_esr78 affected, thunderbird_esr91 fixed)

RESOLVED FIXED
93 Branch

People

(Reporter: KaiE, Assigned: KaiE)

References

(Blocks 1 open bug)

Details

(Whiteboard: [fixed by bug 1724393] )

If we receive a digitally signed OpenPGP message, and our copy of the public key we have has expired, then we display the message as having an invalid signature.

In addition, the message security info says the cause is unknown.

We should display the correct reason.

Blocks: 1595227

Well, in my eyes the present behaviour is wrong, so allow me to move this back in focus.

Even if an old signature is outdated, there must be a difference in display between a valid signature with an outdated key and an invalid signature.

The least is that the expanded message details the reason. Better would be to use a different icon.
A message that once has shown with a valid signature should not become "invalid" but only "outdated".
This time dependence is very irritating for users, I think.

Actually, the message security info says "Entweder ist die Nachricht beschädigt oder sie wurde von jemandem anders verändert." and this is plainly wrong!

A little thought shows that the semantics that Michael wants are the correct semantics. Let's say Alice sends Bob a signed message: "I will pay you 100 Euros in a year," and the signing key expires in six months. When the year is over, does Alice owe Bob the money on the basis of the signature? I'd say yes. The signature was valid when it was made. The semantics are tricky, and unfortunately, I don't think RNP handles this case. Perhaps Nickolay can clarify whether I've overlooked something.

Flags: needinfo?(o.nickolay)

Seems to me, expired should never show as invalid. When would that ever be correct?

Isn't validity only a strong hint to user agents that they should not keep using that key when encrypting (since the receiver may not necessarily be able to read what you write)?

Thanks for reporting this issue.
Definitely, if the signature was created when the key was not expired, it should be considered valid.
Currently the signature check logic in RNP is too strict, marking a signature as valid only for keys which are valid right now.
I filed a ticket (and will prioritise it) here: https://github.com/rnpgp/rnp/issues/1495

Flags: needinfo?(o.nickolay)
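
The rule discussed in the comments above (judge the key's expiry against the time the signature was made, not the time of checking), next to the strict behaviour the thread describes, as an added example that is not part of the bug thread and is not RNP or Thunderbird code. All function names, field names and status strings are hypothetical; times are absolute Unix seconds, `keyExpires` of 0 means no expiry, and rejecting a signature dated after the key's expiry is an assumption of this sketch.

```javascript
// Added illustration, not RNP or Thunderbird code. All names are hypothetical.
// sigCreated is read from the signature itself, so it is a value asserted by
// the signer, not an independently verified timestamp.
function classifySignature({ cryptoOk, sigCreated, keyCreated, keyExpires, now }) {
  // Only a failed cryptographic check means "damaged or modified".
  if (!cryptoOk) {
    return { status: "invalid", reason: "signature does not match message" };
  }
  // A signature dated before the key existed cannot be attributed to it.
  if (sigCreated < keyCreated) {
    return { status: "invalid", reason: "signature predates key creation" };
  }
  const expires = keyExpires === 0 ? Infinity : keyExpires; // 0 = never expires
  // Assumption: a signature dated after the key's expiry is not accepted.
  if (sigCreated >= expires) {
    return { status: "invalid", reason: "key was expired when signature was made" };
  }
  // Signed while the key was valid; the key may have expired since then.
  if (now >= expires) {
    return { status: "valid-key-expired", reason: "key expired after signing" };
  }
  return { status: "valid", reason: "key valid at signing time and now" };
}

// Sketch of the strict behaviour described in the thread: the key must be
// valid at the moment of checking, whatever the signature's own date is.
function classifyStrict({ cryptoOk, keyCreated, keyExpires, now }) {
  const expires = keyExpires === 0 ? Infinity : keyExpires;
  const keyValidNow = now >= keyCreated && now < expires;
  return cryptoOk && keyValidNow ? "valid" : "invalid";
}

// Constructed sample: key expires after 180 days, message signed on day 30,
// signature checked on day 365.
const DAY = 86400;
const T0 = 1600000000;
const SAMPLE = {
  cryptoOk: true,
  keyCreated: T0,
  keyExpires: T0 + 180 * DAY,
  sigCreated: T0 + 30 * DAY,
  now: T0 + 365 * DAY,
};

console.log(classifyStrict(SAMPLE), classifySignature(SAMPLE).status);
```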

RNP v0.15.2 was released today, including a fix for this issue.

Depends on: 1724393

This looks fixed to me. With old 0.15.1, we display an error message "technical error with the signature".

With 0.15.2, the signature is accepted in general (in my test, I get an uncertain signature, because I haven't accepted the key - and I cannot accept it, because it is already expired).

Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED

fixed in 91.0.3 by bug 1724393

Whiteboard: [fixed by bug 1724393]
Target Milestone: --- → 93 Branch