openpgp account settings should hide external gnupg keys if pref is false
Categories
(MailNews Core :: Security: OpenPGP, defect)
Tracking
(thunderbird_esr78 fixed, thunderbird81 fixed)
People
(Reporter: KaiE, Assigned: aleca)
Details
Attachments
(1 file)
|
2.13 KB,
patch
|
KaiE
:
review+
wsmwk
:
approval-comm-beta+
wsmwk
:
approval-comm-esr78+
|
Details | Diff | Splinter Review |
If a user switches mail.openpgp.allow_external_gnupg back to false, the account settings should no longer show/offer an external key ID.
If the account's setting is_gnupg_key_id is true, then the value of openpgp_key_id should be ignored. The key configuration should be treated as None.
Alessandro, does this make sense?
|
Reporter | |
Comment 1•5 years ago
|
||
Besides the UI change I mentioned above, I think I should also work on an additional backend code change.
The code that uses the openpgp_key_id should ignore it, if allow_external_gnupg is false, and is_gnupg_key_id is true. (Currently it would attempt to look for openpgp_key_id as a RNP key.)
|
Assignee | |
Comment 2•5 years ago
|
||
If a user switches mail.openpgp.allow_external_gnupg back to false, the account settings should no longer show/offer an external key ID.
Are you sure about this?
Shouldn't that option only affect the ability to add an external key, but if the user already has one we should allow it to be deleted, or at least let the user be aware that an external key is still registered with his identity?
The code that uses the openpgp_key_id should ignore it, if allow_external_gnupg is false, and is_gnupg_key_id is true. (Currently it would attempt to look for openpgp_key_id as a RNP key.)
Sorry, I'm a bit confused by this.
Wouldn't be easier to keep the allow_external_gnupg pref only for the Key Wizard, and let the user manage all the keys he has created/saved independently?
I'm saying this because, I think, with the external tag it's pretty obvious which key is which and we won't mislead the user in using an external key when they don't want it.
|
|
Assignee | |
Comment 3•5 years ago
|
||
I think I found another small UI issue:
- Have 2 identities, one with a regularly created OpenPGP Key, the other with no keys.
- Configure an external key for each identity.
- The second identity, the one with no keys and only the external key, should be set to None.
- The first identity, the one with the external key and another normal key, should have the normal key selected.
In the Account Settings, switching between the two e2e pages of the two identities causes the None radio button of the second identity to be unselected, even if the configuration remains correct and the UI of the None selection gets properly highlighted.
|
|
Assignee | |
Comment 4•5 years ago
|
||
The issues listed in comment 3 were fixed in bug 1663422.
Kai, would you have time to answer my questions in comment 2?
|
|
Reporter | |
Comment 5•5 years ago
|
||
(In reply to Alessandro Castellani (:aleca) from comment #2)
If a user switches mail.openpgp.allow_external_gnupg back to false, the account settings should no longer show/offer an external key ID.
Are you sure about this?
Shouldn't that option only affect the ability to add an external key, but if the user already has one we should allow it to be deleted, or at least let the user be aware that an external key is still registered with his identity?
If that pref is false, the backend code will never use an external ID.
Showing the external key ID will mislead the user into thinking we might use it.
The code that uses the openpgp_key_id should ignore it, if allow_external_gnupg is false, and is_gnupg_key_id is true. (Currently it would attempt to look for openpgp_key_id as a RNP key.)
Sorry, I'm a bit confused by this.
Wouldn't be easier to keep theallow_external_gnupgpref only for the Key Wizard, and let the user manage all the keys he has created/saved independently?
The pref controls what happens in the backend in multiple places. It's not limited to using a configured key id. It also controls if we attempt to load an external third party library. It controls if we attempt decryption attempts to the external third party code (which is independent of configured key IDs).
That pref is designed to disable all use of the external gnupg crypto library interaction.
|
|
Assignee | |
Comment 6•5 years ago
|
||
Sounds good, thanks for the detailed explanation.
Patch incoming.
|
|
Assignee | |
Updated•5 years ago
|
|
|
Reporter | |
Updated•5 years ago
|
|
|
Reporter | |
Updated•5 years ago
|
Pushed by kaie@kuix.de:
https://hg.mozilla.org/comm-central/rev/79e7f41d84a5
Hide external GnuPG key if allow_external_gnupg pref is false. r=KaiE
|
|
Assignee | |
Updated•5 years ago
|
|
|
Reporter | |
Comment 9•5 years ago
|
||
Comment on attachment 9174811 [details] [diff] [review]
1657111-external-gnupg.diff
OpenPGP edge case correctness fix, let's bake in Beta.
|
||
Comment 10•5 years ago
|
||
Comment on attachment 9174811 [details] [diff] [review]
1657111-external-gnupg.diff
[Triage Comment]
Approved for beta
|
||
Comment 11•5 years ago
|
||
| bugherder uplift | ||
Thunderbird 81.0b4:
https://hg.mozilla.org/releases/comm-beta/rev/e15650b0c25f
|
|
Reporter | |
Comment 12•5 years ago
|
||
Comment on attachment 9174811 [details] [diff] [review]
1657111-external-gnupg.diff
Should be low risk to take this OpenPGP correctness fix on esr78
|
|
||
Comment 13•5 years ago
|
||
Comment on attachment 9174811 [details] [diff] [review]
1657111-external-gnupg.diff
[Triage Comment]
Approved for esr78
|
|
||
Comment 14•5 years ago
|
||
| bugherder uplift | ||
Thunderbird 78.3.0:
https://hg.mozilla.org/releases/comm-esr78/rev/69b0e246b3f0
Description
•