Closed Bug 1641714 Opened 4 years ago Closed 4 years ago

Move all chat OTR strings to the localization area

Categories

(Chat Core :: Security: OTR, enhancement)

Product:
Chat Core
Component:
Security: OTR
Type:
enhancement

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
Instantbird 78

People

(Reporter: KaiE, Assigned: KaiE)

Details

Attachments

(1 file, 1 obsolete file)

Bug 1641714 - Move all chat OTR strings to the localization area and improve the text. r=mkmelin,kaie,wsmwk
47 bytes, text/x-phabricator-request
Details | Review

String freeze for TB 78 is in a few days.
If we want the OTR strings in TB 78 to be localized, we must move the strings over from content to locales/en-US now.

Wayne, do you have a moment to give these changes a native-speaker check?

Attachment #9152656 - Flags: review?(kaie)
Attachment #9152656 - Flags: feedback?(vseerror)
Status: NEW → ASSIGNED
Comment on attachment 9152656 [details] [diff] [review]
bug1641714_otr_string_fixes.patch

The changes are correct technically.

I wasn't sure about the use of the term surveillance, because in order to attack, more than just "passive" surveillance attempts are required. A Monster-In-The-Middle (MITM) must actively manipulate the exchanged data to break the verification. However, performing such an attack is an attempt to apply surveillance to the encrypted connection, so your description of the situation seems acceptable.
Attachment #9152656 - Flags: review?(kaie) → review+
Attachment #9152565 - Attachment description: Bug 1641714 - Move all chat OTR strings to the localization area. r=mkmelin → Bug 1641714 - Move all chat OTR strings to the localization area (r=mkmelin) and improve the text (r=kaie, r=wsmwk).

I've applied the changes to the patch in phabricator.

Keeping the attached patch here for Wayne's convenience.

Yes, that's what I'm trying to convey. A naive reading of verification can not infer how verifying and encryption hang together. "But I'm chatting with him right now, he sounds just like normal. Must be him."

Comment on attachment 9152656 [details] [diff] [review]
bug1641714_otr_string_fixes.patch

"surveillance" seems appropriate.  And generally good wording.   Some nits:
* in two places, "as well" can be removed from "wait for your contact to enter it as well."
* "both" is redundant in "You should both tell", unless you have added it for emphasis
* I would use "Do not" at "Don't use the same Internet connection"
* "fingerprint" is used in several locations.  Will all users know exactly what that is, and what it means in the context of this process?  Or are additional words needed to clarify?  

Onno, do you have any thoughts on the text https://bugzilla.mozilla.org/attachment.cgi?id=9152656&action=diff
Flags: needinfo?(o.e.ekker)
Attachment #9152656 - Flags: feedback?(vseerror) → feedback+

I agree that we should explain the term "fingerprint" at least once. Looking at the UI, the following string might be a good place to do so, as it's the one place where we need a confirmation as part of an action.

With Wayne's suggestion from comment 7, how about this:

auth-manualInstruction = Contact your intended conversation partner via some other authenticated channel, such as OpenPGP-signed email or over the phone. You should tell each other your fingerprints. (A fingerprint is a checksum that identifies an encryption key.) If the fingerprint matches, you should indicate in the dialog below that you have verified the fingerprint.

Magnus, there's one change that I'm not completely happy with.
You changed "Purported fingerprint" to "Implied fingerprint".

The scenario is, we receive a key with the given fingerprint, and it may or may not be the correct key. But that's what we "see".
I think "imply" doesn't explain that well.

(FYI this string is shown below the message from comment 8, and we show it in addition to the user's own fingerprint with label "Fingerprint for you, <your-chat-ID>:".)

I have two suggestions:
either

  • use "Observed fingerprint for <contact-chat-ID>"
    or
  • drop the term, and simply use "fingerprint for <contact-chat-ID>"
Flags: needinfo?(mkmelin+mozilla)
Attachment #9152656 - Flags: review+
Attachment #9152565 - Attachment description: Bug 1641714 - Move all chat OTR strings to the localization area (r=mkmelin) and improve the text (r=kaie, r=wsmwk). → Bug 1641714 - Move all chat OTR strings to the localization area and improve the text. r=mkmelin,kaie,wsmwk
Comment on attachment 9152656 [details] [diff] [review]
bug1641714_otr_string_fixes.patch

Onno I have added Wayne's suggestion in phabricator. To see the latest proposal please see https://phabricator.services.mozilla.com/D77375
Attachment #9152656 - Attachment is obsolete: true

I'm not familiar with off-the-record messaging, but overall the strings look good to me.

Flags: needinfo?(o.e.ekker)

(In reply to Kai Engert (:KaiE:) from comment #9)

  • drop the term, and simply use "fingerprint for <contact-chat-ID>"

I think this is fine. I just thought

  • purported was a strange word
  • it's not the fingerprint that is purported, it is this fingerprint. It's just who that fingerprint belongs to that we don't know.
Flags: needinfo?(mkmelin+mozilla)

I've removed the word "observed" in phab.

Ok to land?

Flags: needinfo?(mkmelin+mozilla)

ok you accepted thanks

Flags: needinfo?(mkmelin+mozilla)

Pushed by kaie@kuix.de:
https://hg.mozilla.org/comm-central/rev/cfaf20a2e428
Move all chat OTR strings to the localization area and improve the text. r=mkmelin,kaie,wsmwk

Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → Instantbird 78
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: