Closed Bug 1653813 Opened 2 months ago Closed 2 months ago

Need to simplify personal key treatment of imported keys

Categories

(MailNews Core :: Security: OpenPGP, enhancement, P1)

enhancement

Tracking

(thunderbird_esr78 fixed, thunderbird79 fixed)

RESOLVED FIXED
Thunderbird 80.0
Tracking Status
thunderbird_esr78 --- fixed
thunderbird79 --- fixed

People

(Reporter: KaiE, Assigned: aleca)

References

Details

(Keywords: ux-efficiency, ux-error-prevention)

Attachments

(1 file, 1 obsolete file)

We've been getting repeated reports were users had trouble to set up OpenPGP correctly after importing an existing secret key.

The reason is that the old approach to import a secret key, using the OpenPGP Key Management dialog, doesn't ask the user "treat this as personal key?" at import time. It means users are not aware they need to confirm that.

The new import mechanism from inside the account settings (which should be available soon with 78.0.1) will likely fix that - because it will ask the question at import time.

Action 1:

Alessandro, you already suggested it - and I agree - we should change the import secret key command in the Key Management window to also use your new wizard - to ensure the question is asked at import time. This has a very high priority IMHO.

Action 2:

I wonder if we should set the checkmark "treat this key as a personal key" by default. It will be the standard action in most scenarios. It will be rare that users import a secret key of an identity that isn't their own. Informing the user and giving them a chance to uncheck the checkmark might be sufficient.

Then, apparently it isn't obvious that after importing of a key, the OpenPGP feature needs to be enabled in account settings, by selecting the imported key.

If users will import from within the account settings, then it MIGHT be obvious, that after importing, it is still necessary to select a key.

However, if users are importing from the Key Management window, they'll not be aware.

Action 3:

Currently, the final step of the import wizard says "openpgp keys successfully imported", with details shown, and a "Close" button.

I suggest that we change the "Close" button to "Continue".

After the user clicks Continue, the display would change to say "To start using your imported OpenPGP key, go to account settings and select it." - and a close button in that view.

If the user has accessed the "secret key import" from within the account settings, then we are done.

However, if the user had opened the import wizard from the Key Management window, then maybe we should automatically open the account settings.

You might suggest "we could automatically select the imported key in account settings".

This might work in the following scenario:

  • we imported exactly one key
  • the imported key contains only one email address
  • we find a matching configured email account
  • currently, there is no openpgp key selected for that email account

In this simple scenario, we could potentially offer the user "would you like to start using OpenPGP with email account <email-in-key>"? If yes, we could automatically select that key.

In all other scenarios, I wouldn't do it automatically. If there are multiple keys, the interaction would be too complex. (Or we'd have to display a series of multiple questions.) If the imported key contains multiple email addresses, it gets complex to decide for which accounts we'd offer to automatically enable. If there is already a key selected for a single key and its single email address, we don't know if it makes sense to automatically enable it, because the user might simply be importing an older key to be able to decrypt older emails.

Therefore I think that reminding the user to make their selection in account settings will hopefully be sufficient.

One thing related to this: When I access the Key Manager through the Account Settings page (because the Import dialog of the Add Key wizard asks me to do so), do the import personal key and acceptance stuff and close the Key Manager, the Account Settings page won't refresh to show my newly imported key. I have to close and reopen the settings page to proceed with the key selection.
This usability problem might be obsolete when I can import my key directly via "Add Key".

Alessandro, you already suggested it - and I agree - we should change the import secret key command in the Key Management window to also use your new wizard - to ensure the question is asked at import time. This has a very high priority IMHO.

Will do in bug 1652537.

I wonder if we should set the checkmark "treat this key as a personal key" by default. It will be the standard action in most scenarios. It will be rare that users import a secret key of an identity that isn't their own. Informing the user and giving them a chance to uncheck the checkmark might be sufficient.

Sounds good to me. Do you think it might raise some security concerns having that option opt-out instead of opt-in?

I suggest that we change the "Close" button to "Continue".
After the user clicks Continue, the display would change to say "To start using your imported OpenPGP key, go to account settings and select it." - and a close button in that view.

Instead of this, I'd suggest writing a more detailed description after a successful import. Something that tells the user that they need to select the key they want to use in the account settings.

However, if the user had opened the import wizard from the Key Management window, then maybe we should automatically open the account settings.

I'm planning to explore this option in bug 1652537 as well.

the Account Settings page won't refresh to show my newly imported key. I have to close and reopen the settings page to proceed with the key selection.

Yes, this is a problem of the current key Manager. I will also fix this in bug 1652537.

(In reply to Alessandro Castellani (:aleca) from comment #3)

Alessandro, you already suggested it - and I agree - we should change the import secret key command in the Key Management window to also use your new wizard - to ensure the question is asked at import time. This has a very high priority IMHO.

Will do in bug 1652537.

ok

I wonder if we should set the checkmark "treat this key as a personal key" by default. It will be the standard action in most scenarios. It will be rare that users import a secret key of an identity that isn't their own. Informing the user and giving them a chance to uncheck the checkmark might be sufficient.

Sounds good to me. Do you think it might raise some security concerns having that option opt-out instead of opt-in?

It's a difficult decision. We can also try to keep is off-by-default for another few weeks and wait for results from testing. We could still decide to change it last minute before 78.2, if necessary.

I suggest that we change the "Close" button to "Continue".
After the user clicks Continue, the display would change to say "To start using your imported OpenPGP key, go to account settings and select it." - and a close button in that view.

Instead of this, I'd suggest writing a more detailed description after a successful import. Something that tells the user that they need to select the key they want to use in the account settings.

You already have a lot of information in that screen.

My thinking was, if it's a separate dialog, and each dialog has less text, then the chance is higher that people will read it.

Your call.

However, if the user had opened the import wizard from the Key Management window, then maybe we should automatically open the account settings.

I'm planning to explore this option in bug 1652537 as well.

ok

See Also: → 1652537

I think opt-out would be better.

Assignee: nobody → alessandro
Status: NEW → ASSIGNED
Priority: -- → P1
Attached patch 1653813-key-import.diff (obsolete) — Splinter Review

This patch sets the "Treat as a Personal key" option checked by default when importing keys.
It also introduces a couple of extra captions and better descriptions in the final import screen.

Attachment #9165158 - Flags: review?(kaie)
Attachment #9165158 - Flags: feedback?(mkmelin+mozilla)

Setting leave-open, to prevent auto-closing by bots. I'm guessing there will be multiple patches.

Keywords: leave-open
Comment on attachment 9165158 [details] [diff] [review]
1653813-key-import.diff

I like it, thank you!

However, I still have the problem that in the final step of the import, with two imported keys shown in the summary, the lower part of the dialog is invisible.
Attachment #9165158 - Flags: review?(kaie) → review+

Setting leave-open, to prevent auto-closing by bots. I'm guessing there will be multiple patches.

Am I missing something from this bug?
The other points will be addressed in bug 1652537 so I think we don't need to keep it open once the patch lands (I'm fixing the resize problem BTW, so I'll remove your r+)

Comment on attachment 9165158 [details] [diff] [review]
1653813-key-import.diff

Removing the flags since an updated patch is coming.
Attachment #9165158 - Flags: review+
Attachment #9165158 - Flags: feedback?(mkmelin+mozilla)

This fixes the sizing issue when importing multiple keys at once.

Attachment #9165158 - Attachment is obsolete: true
Attachment #9165220 - Flags: review?(kaie)
Attachment #9165220 - Flags: review?(kaie) → review+

(In reply to Alessandro Castellani (:aleca) from comment #9)

Setting leave-open, to prevent auto-closing by bots. I'm guessing there will be multiple patches.

Am I missing something from this bug?
The other points will be addressed in bug 1652537

ok

Keywords: leave-open

(In reply to Kai Engert (:KaiE:) from comment #12)

(In reply to Alessandro Castellani (:aleca) from comment #9)

Setting leave-open, to prevent auto-closing by bots. I'm guessing there will be multiple patches.

Am I missing something from this bug?
The other points will be addressed in bug 1652537

ok

Although I'd like to see this done as part of this simplification bug, and not as part of a rework key manager bug - at least it should be done before the complete rework IMHO.

Pushed by kaie@kuix.de:
https://hg.mozilla.org/comm-central/rev/c03d0753336a
Improve the UX of the OpenPGP key import workflow. r=KaiE

Status: ASSIGNED → RESOLVED
Closed: 2 months ago
Resolution: --- → FIXED
Target Milestone: --- → Thunderbird 80.0
Comment on attachment 9165220 [details] [diff] [review]
1653813-key-import.diff

[Approval Request Comment]
Necessary to keep in sync the OpenPGP features.
Attachment #9165220 - Flags: approval-comm-esr78?
Attachment #9165220 - Flags: approval-comm-beta?
Comment on attachment 9165220 [details] [diff] [review]
1653813-key-import.diff

Approved for beta  (TBD if we actually uplift to 79 or not)
Approved for esr78
Attachment #9165220 - Flags: approval-comm-esr78?
Attachment #9165220 - Flags: approval-comm-esr78+
Attachment #9165220 - Flags: approval-comm-beta?
Attachment #9165220 - Flags: approval-comm-beta+
You need to log in before you can comment on or make changes to this bug.