Closed Bug 1669034 Opened 4 years ago Closed 4 years ago

[OpenPGP] Ergonomics problem

Categories

(Thunderbird :: Mail Window Front End, defect)

Product:
Thunderbird
Component:
Mail Window Front End
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 135636

People

(Reporter: damien.d, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:81.0) Gecko/20100101 Firefox/81.0

Actual results:

Since the integration of OpenPGP management into Thunderbird, the two choices we got regarding the use of PGP are insufficient. If you pick "None", you have to go in the menu every time you want to encrypt an email. If you pick "Require encryption", it will display an error message and refuse to send when you want to send to someone not having a key − and you have to go in the menu as well to disable it.

Expected results:

Consider the following elements :

  • It needs to be clear whether the emails that are going to be sent are encrypted or not. As far as ergonomics go, might as well have the enable buttons showing this status.
  • You shouldn't have to manually make that choice by default. The default condition is easy : if there is a key, attempt encryption, else don't.
  • Sometimes, you need to only sign an email to new people, but not always ; in short it's better to control signature and encryption separately, and to have manual control.
  • Sometimes, you need to send cleartext emails even to people that you already know and who have a key (when solving PGP-related problems for example, or other tests).
  • Ever since that security flaw about how you can modify an unsigned encrypted email became clearer, it's been known you should sign all encrypted emails by default (while still leaving a choice).

You guessed it : I'm asking you to just imitate the ergonomics of Enigmail.

I understand that you needed to leave Enigmail and integrate the feature into Thunderbird. But the end-user appearance and ergonomics ? Those two yellow buttons were just perfect. They answered all the aforementioned concerns.

In fact, I'm not asking you. I'm begging you. For the love of god. Please. It's already complicated enough to get the average user to do encryption at all, let alone do it properly. Even I, as a programmer, have dropped encryption in daily work life because of this problem (I send a lot of emails).

Side note : point 2 might benefit from #1667254

Thank you for your work btw. The Internet needs Thunderbird.

I think your main point is bug 135636. (For referencing bugs, please just write "bug" and the number to autolink. E.g. bug 1667254.)

Not to mention bug1665611. I don't know how I missed these in the search ; sorry.

That guy from 4 years ago was right too : ergonomics ARE part of security after all.
But now we have Enigmail's experience :)

Hopefully you can reuse part of its code.

I close this as duplicate, I guess, so as to not stay on your back.

Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.