Closed Bug 1653222 Opened 4 years ago Closed 4 years ago

Clarify encryption part of OpenPGP security info, explain to which keys the message was encrypted

Categories

(MailNews Core :: Security: OpenPGP, defect)

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 1634496

People

(Reporter: fernm, Unassigned)

Attachments

(2 files)

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0

Steps to reproduce:

Build ID 20200714161155
Update channel nightly-try-comm-central

Having my personal key associated with the default identity of a mail account (screenshot 1)
Sending mail from that identity's mail address to Kai with "Require encryption" set. (I have Kai's key 1C27 4237 2500 7724 in TB OpenPGP key manager)

Actual results:

Outgoing mail is encrypted with my own key.
Marking the sent message in the "Sent" folder and clicking on the green sealed envelope shows the window of second screenshot (nit: see that the "OK" button does not fit in the window).
It says "This message [...] was sent to you." and the recipient key would be my own key 0xBE7

Expected results:

Message should be encrypted with Kai's key.
Seal-Security info should say "Message was sent out" and tell the key ID of the recipient.

This is a misunderstanding.

If you send an outgoing encrypted email, it is usually encrypted to multiple recipients at the same time:

  • to the key of each recipient
  • in addition, to your own key that you configured for the account.

Encrypting to your own key, in addition to the others, allows you to decrypt the copy that is stored in your Sent folder.

If you view and decrypt a message, Thunderbird will tell you what key it used to decrypt the message.

Thunderbird doesn't yet show a list of the additional keys that a message is encrypted to.

Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → INVALID

Yes, I forgot that. So, this is very user-unfriendly. I mean, I know something about keys and encryption and tapped into this "trap" of confusion, so what about general users? It is hard to understand a sent mail saying it would have been encrypted and "sent" to oneself.

I would suggest having meta info like
"The mail was sent encrypted, encrypted with the receiver's public key xxx"
"The sent message's clear text has been stored in Your "sent" folder for Your reference. For additional security, it has been re-encrypted with Your personal key yyy"

Summary: outgoing mail is encrypted with senders key, not receivers key → security info of encrypted sent message should not say "
Summary: security info of encrypted sent message should not say " → security info of encrypted sent message should not say "this message was sent to you"

Ok, let's use this bug to provide more information.

The security info dialog should provide the full list of keys that the message was encrypted to.

Status: RESOLVED → REOPENED
Ever confirmed: true
Resolution: INVALID → ---
Summary: security info of encrypted sent message should not say "this message was sent to you" → Clarify encryption part of OpenPGP security info, explain to which keys the message was encrypted
See Also: → 1654978

fixed in bug 1634496

Status: REOPENED → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE