Need to simplify personal key treatment of imported keys
Categories (MailNews Core :: Security: OpenPGP, enhancement, P1)
Tracking (thunderbird_esr78 fixed, thunderbird79 fixed)
People (Reporter: KaiE, Assigned: aleca)
Details (Keywords: ux-efficiency, ux-error-prevention)
Attachments (1 file, 1 obsolete file): 10.05 KB patch; KaiE: review+; wsmwk: approval-comm-beta+; wsmwk: approval-comm-esr78+
We've been getting repeated reports where users had trouble setting up OpenPGP correctly after importing an existing secret key.
The reason is that the old approach to import a secret key, using the OpenPGP Key Management dialog, doesn't ask the user "treat this as personal key?" at import time. It means users are not aware they need to confirm that.
The new import mechanism from inside the account settings (which should be available soon with 78.0.1) will likely fix that - because it will ask the question at import time.
Action 1:
Alessandro, you already suggested it - and I agree - we should change the import secret key command in the Key Management window to also use your new wizard - to ensure the question is asked at import time. This has a very high priority IMHO.
Action 2:
I wonder if we should set the checkmark "treat this key as a personal key" by default. It will be the standard action in most scenarios. It will be rare that users import a secret key of an identity that isn't their own. Informing the user and giving them a chance to uncheck the checkmark might be sufficient.
Then, apparently it isn't obvious that after importing a key, the OpenPGP feature needs to be enabled in account settings, by selecting the imported key.
If users will import from within the account settings, then it MIGHT be obvious, that after importing, it is still necessary to select a key.
However, if users are importing from the Key Management window, they'll not be aware.
Action 3:
Currently, the final step of the import wizard says "openpgp keys successfully imported", with details shown, and a "Close" button.
I suggest that we change the "Close" button to "Continue".
After the user clicks Continue, the display would change to say "To start using your imported OpenPGP key, go to account settings and select it." - and a close button in that view.
If the user has accessed the "secret key import" from within the account settings, then we are done.
However, if the user had opened the import wizard from the Key Management window, then maybe we should automatically open the account settings.
Comment 1 • 4 years ago (Reporter)
You might suggest "we could automatically select the imported key in account settings".
This might work in the following scenario:
- we imported exactly one key
- the imported key contains only one email address
- we find a matching configured email account
- currently, there is no openpgp key selected for that email account
In this simple scenario, we could potentially offer the user "would you like to start using OpenPGP with email account <email-in-key>"? If yes, we could automatically select that key.
In all other scenarios, I wouldn't do it automatically. If there are multiple keys, the interaction would be too complex. (Or we'd have to display a series of multiple questions.) If the imported key contains multiple email addresses, it gets complex to decide for which accounts we'd offer to automatically enable. If there is already a key selected for a single key and its single email address, we don't know if it makes sense to automatically enable it, because the user might simply be importing an older key to be able to decrypt older emails.
Therefore I think that reminding the user to make their selection in account settings will hopefully be sufficient.
One thing related to this: When I access the Key Manager through the Account Settings page (because the Import dialog of the Add Key wizard asks me to do so), do the import personal key and acceptance stuff and close the Key Manager, the Account Settings page won't refresh to show my newly imported key. I have to close and reopen the settings page to proceed with the key selection.
This usability problem might be obsolete when I can import my key directly via "Add Key".
Comment 3 • 4 years ago (Assignee)
> Alessandro, you already suggested it - and I agree - we should change the import secret key command in the Key Management window to also use your new wizard - to ensure the question is asked at import time. This has a very high priority IMHO.
Will do in bug 1652537.
> I wonder if we should set the checkmark "treat this key as a personal key" by default. It will be the standard action in most scenarios. It will be rare that users import a secret key of an identity that isn't their own. Informing the user and giving them a chance to uncheck the checkmark might be sufficient.
Sounds good to me. Do you think it might raise some security concerns having that option opt-out instead of opt-in?
> I suggest that we change the "Close" button to "Continue".
> After the user clicks Continue, the display would change to say "To start using your imported OpenPGP key, go to account settings and select it." - and a close button in that view.
Instead of this, I'd suggest writing a more detailed description after a successful import. Something that tells the user that they need to select the key they want to use in the account settings.
> However, if the user had opened the import wizard from the Key Management window, then maybe we should automatically open the account settings.
I'm planning to explore this option in bug 1652537 as well.
> the Account Settings page won't refresh to show my newly imported key. I have to close and reopen the settings page to proceed with the key selection.
Yes, this is a problem of the current key Manager. I will also fix this in bug 1652537.
Comment 4 • 4 years ago (Reporter)
(In reply to Alessandro Castellani (:aleca) from comment #3)
> > Alessandro, you already suggested it - and I agree - we should change the import secret key command in the Key Management window to also use your new wizard - to ensure the question is asked at import time. This has a very high priority IMHO.
> Will do in bug 1652537.
ok
> > I wonder if we should set the checkmark "treat this key as a personal key" by default. It will be the standard action in most scenarios. It will be rare that users import a secret key of an identity that isn't their own. Informing the user and giving them a chance to uncheck the checkmark might be sufficient.
> Sounds good to me. Do you think it might raise some security concerns having that option opt-out instead of opt-in?
It's a difficult decision. We can also try to keep it off-by-default for another few weeks and wait for results from testing. We could still decide to change it last minute before 78.2, if necessary.
> > I suggest that we change the "Close" button to "Continue".
> > After the user clicks Continue, the display would change to say "To start using your imported OpenPGP key, go to account settings and select it." - and a close button in that view.
> Instead of this, I'd suggest writing a more detailed description after a successful import. Something that tells the user that they need to select the key they want to use in the account settings.
You already have a lot of information in that screen.
My thinking was, if it's a separate dialog, and each dialog has less text, then the chance is higher that people will read it.
Your call.
> > However, if the user had opened the import wizard from the Key Management window, then maybe we should automatically open the account settings.
> I'm planning to explore this option in bug 1652537 as well.
ok
Comment 5 • 4 years ago
I think opt-out would be better.
Comment 6 • 4 years ago (Assignee)
This patch sets the "Treat as a Personal key" option checked by default when importing keys.
It also introduces a couple of extra captions and better descriptions in the final import screen.
Comment 7 • 4 years ago (Reporter)
Setting leave-open, to prevent auto-closing by bots. I'm guessing there will be multiple patches.
Comment 9 • 4 years ago (Assignee)
> Setting leave-open, to prevent auto-closing by bots. I'm guessing there will be multiple patches.
Am I missing something from this bug?
The other points will be addressed in bug 1652537 so I think we don't need to keep it open once the patch lands (I'm fixing the resize problem BTW, so I'll remove your r+)
Comment 11 • 4 years ago (Assignee)
This fixes the sizing issue when importing multiple keys at once.
Comment 12 • 4 years ago (Reporter)
(In reply to Alessandro Castellani (:aleca) from comment #9)
> > Setting leave-open, to prevent auto-closing by bots. I'm guessing there will be multiple patches.
> Am I missing something from this bug?
> The other points will be addressed in bug 1652537
ok
Comment 13 • 4 years ago (Reporter)
(In reply to Kai Engert (:KaiE:) from comment #12)
> (In reply to Alessandro Castellani (:aleca) from comment #9)
> > > Setting leave-open, to prevent auto-closing by bots. I'm guessing there will be multiple patches.
> > Am I missing something from this bug?
> > The other points will be addressed in bug 1652537
> ok
Although I'd like to see this done as part of this simplification bug, and not as part of a rework key manager bug - at least it should be done before the complete rework IMHO.
Comment 14 • 4 years ago
Pushed by kaie@kuix.de:
https://hg.mozilla.org/comm-central/rev/c03d0753336a
Improve the UX of the OpenPGP key import workflow. r=KaiE
Comment 17 • 4 years ago (Reporter)
https://hg.mozilla.org/releases/comm-esr78/rev/4fd44fa59f9fc2e496760ab27830c824600b05c4
https://hg.mozilla.org/releases/comm-beta/rev/6c4398ac06bf223f93c0a420db7153d34332aa83