Closed Bug 1655088 Opened 2 months ago Closed 2 months ago

Prevent sending encrypted message with BCC

Categories

(MailNews Core :: Security: OpenPGP, defect)

defect

Tracking

(thunderbird_esr78 fixed, thunderbird79 fixed)

RESOLVED FIXED
Thunderbird 80.0
Tracking Status
thunderbird_esr78 --- fixed
thunderbird79 --- fixed

People

(Reporter: KaiE, Assigned: KaiE)

References

Details

Attachments

(1 file)

When sending an encrypted message, the included meta info contains a list of all recipients of the message (required for each recipient to be able to decrypt it).

This means, recipients cannot be hidden. They aren't visible in the header, but the meta information reveals them all.

Enigmail used to offer a trick, which was described as unreliable. And that trick doesn't work with RNP.

After discussing with Alessandro what to do, given that we need a solution by today, we decided that a message should be shown "cannot send", and that we block sending.

Suggested wording inside the patch which I will attach in a few minutes.

I've avoided to reorder the execution of functions, to not introduce regressions last minute.

That's why I'm preparing the warning message earlier, and only later we might show the error.

Assignee: nobody → kaie
Status: NEW → ASSIGNED

Nice that this is handled. Just today, for a test I sent an encrypted mail with Bcc, and to Bcc it was silently not delivered. I thought, well that will have a reason for security. Having a information to the user is good.

Duplicate of bug 119384.

Though that is for S/MIME

Pushed by kaie@kuix.de:
https://hg.mozilla.org/comm-central/rev/7d5973ddee15
Prevent sending encrypted message with BCC. r=PatrickBrunschwig

Status: ASSIGNED → RESOLVED
Closed: 2 months ago
Resolution: --- → FIXED

Comment on attachment 9165948 [details]
Bug 1655088 - Prevent sending encrypted message with BCC. r=PatrickBrunschwig

Don't mislead OpenPGP users about the non-privacy of BCC.

Attachment #9165948 - Flags: approval-comm-esr78?
Attachment #9165948 - Flags: approval-comm-beta?

received a=wsmwk for both comm-beta and comm-esr78 on Matrix

Type: enhancement → defect
Target Milestone: --- → Thunderbird 80.0
See Also: → 119384

Comment on attachment 9165948 [details]
Bug 1655088 - Prevent sending encrypted message with BCC. r=PatrickBrunschwig

Per previous comment Approved for esr78, and beta 79.0b3
(and already landed)

Attachment #9165948 - Flags: approval-comm-esr78?
Attachment #9165948 - Flags: approval-comm-esr78+
Attachment #9165948 - Flags: approval-comm-beta?
Attachment #9165948 - Flags: approval-comm-beta+
Blocks: 1662396
You need to log in before you can comment on or make changes to this bug.