Move all chat OTR strings to the localization area
Categories
(Chat Core :: Security: OTR, enhancement)
Tracking
(Not tracked)
People
(Reporter: KaiE, Assigned: KaiE)
Details
Attachments
(1 file, 1 obsolete file)
String freeze for TB 78 is in a few days.
If we want the OTR strings in TB 78 to be localized, we must move the strings over from content to locales/en-US now.
Assignee | ||
Comment 1•4 years ago
|
||
Assignee | ||
Comment 2•4 years ago
|
||
Comment 3•4 years ago
|
||
Wayne, do you have a moment to give these changes a native-speaker check?
Updated•4 years ago
|
Assignee | ||
Comment 4•4 years ago
|
||
Comment on attachment 9152656 [details] [diff] [review] bug1641714_otr_string_fixes.patch The changes are correct technically. I wasn't sure about the use of the term surveillance, because in order to attack, more than just "passive" surveillance attempts are required. A Monster-In-The-Middle (MITM) must actively manipulate the exchanged data to break the verification. However, performing such an attack is an attempt to apply surveillance to the encrypted connection, so your description of the situation seems acceptable.
Updated•4 years ago
|
Assignee | ||
Comment 5•4 years ago
|
||
I've applied the changes to the patch in phabricator.
Keeping the attached patch here for Wayne's convenience.
Comment 6•4 years ago
|
||
Yes, that's what I'm trying to convey. A naive reading of verification can not infer how verifying and encryption hang together. "But I'm chatting with him right now, he sounds just like normal. Must be him."
Comment 7•4 years ago
|
||
Comment on attachment 9152656 [details] [diff] [review] bug1641714_otr_string_fixes.patch "surveillance" seems appropriate. And generally good wording. Some nits: * in two places, "as well" can be removed from "wait for your contact to enter it as well." * "both" is redundant in "You should both tell", unless you have added it for emphasis * I would use "Do not" at "Don't use the same Internet connection" * "fingerprint" is used in several locations. Will all users know exactly what that is, and what it means in the context of this process? Or are additional words needed to clarify? Onno, do you have any thoughts on the text https://bugzilla.mozilla.org/attachment.cgi?id=9152656&action=diff
Assignee | ||
Comment 8•4 years ago
|
||
I agree that we should explain the term "fingerprint" at least once. Looking at the UI, the following string might be a good place to do so, as it's the one place where we need a confirmation as part of an action.
With Wayne's suggestion from comment 7, how about this:
auth-manualInstruction = Contact your intended conversation partner via some other authenticated channel, such as OpenPGP-signed email or over the phone. You should tell each other your fingerprints. (A fingerprint is a checksum that identifies an encryption key.) If the fingerprint matches, you should indicate in the dialog below that you have verified the fingerprint.
Assignee | ||
Comment 9•4 years ago
|
||
Magnus, there's one change that I'm not completely happy with.
You changed "Purported fingerprint" to "Implied fingerprint".
The scenario is, we receive a key with the given fingerprint, and it may or may not be the correct key. But that's what we "see".
I think "imply" doesn't explain that well.
(FYI this string is shown below the message from comment 8, and we show it in addition to the user's own fingerprint with label "Fingerprint for you, <your-chat-ID>:".)
I have two suggestions:
either
- use "Observed fingerprint for <contact-chat-ID>"
or - drop the term, and simply use "fingerprint for <contact-chat-ID>"
Assignee | ||
Updated•4 years ago
|
Updated•4 years ago
|
Assignee | ||
Comment 10•4 years ago
|
||
Comment on attachment 9152656 [details] [diff] [review] bug1641714_otr_string_fixes.patch Onno I have added Wayne's suggestion in phabricator. To see the latest proposal please see https://phabricator.services.mozilla.com/D77375
Comment 11•4 years ago
|
||
I'm not familiar with off-the-record messaging, but overall the strings look good to me.
Comment 12•4 years ago
|
||
(In reply to Kai Engert (:KaiE:) from comment #9)
- drop the term, and simply use "fingerprint for <contact-chat-ID>"
I think this is fine. I just thought
- purported was a strange word
- it's not the fingerprint that is purported, it is this fingerprint. It's just who that fingerprint belongs to that we don't know.
Assignee | ||
Comment 13•4 years ago
|
||
I've removed the word "observed" in phab.
Ok to land?
Comment 15•4 years ago
|
||
Pushed by kaie@kuix.de:
https://hg.mozilla.org/comm-central/rev/cfaf20a2e428
Move all chat OTR strings to the localization area and improve the text. r=mkmelin,kaie,wsmwk
Updated•4 years ago
|
Description
•