Closed Bug 1654767 Opened 4 years ago Closed 4 years ago

Send Autocrypt key header for simple keys

Categories

(MailNews Core :: Security: OpenPGP, enhancement)

Tracking

(thunderbird_esr78 fixed, thunderbird79 fixed)

RESOLVED FIXED
Thunderbird 80.0

People

(Reporter: KaiE, Assigned: KaiE)

Attachments

(1 file)

RNP gave us an API to extract a simpler key.

It allows us to extract the combination of the primary key plus an encryption sub key, and it can strip away other keys.

It allows us to extract only one user ID, and strip away other user IDs.

That means we could start sending an autocrypt key header, however, I think we should restrict it to users who are using a simple key.

My worry is related to our automatic notifications, that we show to the user if there is a key attached (either real attachment or an autocrypt header).

Currently, we prevent the "key attached" notification, as soon as we detect that the attached key ID has already been imported at an earlier time.

This means, if the sender changed the sub key they use for expiration, we currently wouldn't notice.

Also, if the sender has assigned two separate user IDs to the key, and we send only one, what will happen if the same sender later sends the same key with the other ID? The recipient using Thunderbird wouldn't get a notification for importing the new key, because the same key is already present.

Also, if the primary key has a different expiration than the single encryption sub key, it is a signal that the user might intend to start using separate subkeys at a later time.

I think before we offer sending minimized keys, we need to have a better story for detecting and importing keys with a modified structure. But that's something for a later time.

At this time, if we consider attaching an autocrypt key header, I think we should only do it for very simple keys: one subkey, same expiration, one user ID.

The other question is, when should we automatically attach an autocrypt header for key distribution?

I think that initially, we should add the header if we're also attaching the real/full key at the same time, only.

This can achieve compatibility with email agents that support Autocrypt headers, only, but don't support key attachments, for example DeltaChat.
https://github.com/deltachat/deltachat-core-rust/issues/1456
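
The policy proposed in the comment above (header only for a very simple key, and only when the full key is attached to the same message), as an added example that is not part of this bug or of the landed patch. The key-description object, the function names and the sample data are hypothetical; the header value follows the Autocrypt `addr=...; keydata=...` layout.

```javascript
// Added example, not Thunderbird's code. The key-description object is a
// hypothetical shape; real code would fill it from the OpenPGP library.

// "Very simple key" per the comment: one subkey, same expiration, one user ID.
// Assumption: the single subkey must also be the encryption subkey.
function isSimpleKey(key) {
  if (key.userIds.length !== 1 || key.subkeys.length !== 1) return false;
  const sub = key.subkeys[0];
  // expires is a Unix timestamp, or null for "never"; null === null counts as equal.
  return sub.canEncrypt === true && sub.expires === key.primary.expires;
}

// Autocrypt header value: addr attribute, then base64 keydata folded at 64 chars.
function autocryptHeaderValue(addr, keyBytes) {
  const b64 = Buffer.from(keyBytes).toString("base64");
  if (b64.length === 0) throw new Error("empty key data");
  return `addr=${addr}; keydata=\r\n ` + b64.match(/.{1,64}/g).join("\r\n ");
}

// Policy from the comment: emit the header only when the full key is being
// attached to the same message, and only for a simple key. Returns null otherwise.
function autocryptHeaderFor(msg, key) {
  if (!msg.attachOwnKey || !isSimpleKey(key)) return null;
  return autocryptHeaderValue(msg.from, key.minimalKeyBytes);
}

// Constructed sample data. minimalKeyBytes is placeholder filler, not a real key.
const filler = new Uint8Array(100).fill(0xab);
const SIMPLE_KEY = {
  primary: { expires: 1700000000 },
  subkeys: [{ canEncrypt: true, expires: 1700000000 }],
  userIds: ["Alice <alice@example.org>"],
  minimalKeyBytes: filler,
};
const TWO_UID_KEY = { ...SIMPLE_KEY, userIds: [...SIMPLE_KEY.userIds, "Alice <alice@example.net>"] };
const SPLIT_EXPIRY_KEY = { ...SIMPLE_KEY, subkeys: [{ canEncrypt: true, expires: 1650000000 }] };

const sampleMsg = { from: "alice@example.org", attachOwnKey: true };
for (const [name, key] of Object.entries({ SIMPLE_KEY, TWO_UID_KEY, SPLIT_EXPIRY_KEY })) {
  console.log(name, autocryptHeaderFor(sampleMsg, key) ? "header sent" : "no header");
}
```
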

Pushed by kaie@kuix.de:
https://hg.mozilla.org/comm-central/rev/40f634170be6
Send Autocrypt key header for simple keys. r=PatrickBrunschwig DONTBUILD

Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED

Comment on attachment 9165644 [details]
Bug 1654767 - Send Autocrypt key header for simple keys. r=PatrickBrunschwig

Enables compatibility with OpenPGP software that supports Autocrypt key headers, only, for obtaining OpenPGP keys, not using attachments.

Attachment #9165644 - Flags: approval-comm-esr78?
Attachment #9165644 - Flags: approval-comm-beta?

received a=wsmwk for both comm-beta and comm-esr78 on Matrix

Target Milestone: --- → Thunderbird 80.0

Comment on attachment 9165644 [details]
Bug 1654767 - Send Autocrypt key header for simple keys. r=PatrickBrunschwig

Per previous comment Approved for esr78, and beta 79.0b3
(and already landed)

Attachment #9165644 - Flags: approval-comm-esr78?
Attachment #9165644 - Flags: approval-comm-esr78+
Attachment #9165644 - Flags: approval-comm-beta?
Attachment #9165644 - Flags: approval-comm-beta+