Make PGP signing deliberate again
Categories
(MailNews Core :: Security: OpenPGP, enhancement)
Tracking
(Not tracked)
People
(Reporter: mnl, Unassigned)
Details
User Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:81.0) Gecko/20100101 Firefox/81.0
Steps to reproduce:
Sent message with PGP signature.
Actual results:
Message was sent.
Expected results:
Signing something should be a deliberate act. This was ensured by Enigmail because I had to enter my password for the secret key when sending a signed message.
I understand that you wanted to make using PGP as simple as possible, but some things shouldn't be too easy.
How about this: before a signed message is sent, Thunderbird asks for the master password. (Messages from users who don't care for their secret keys enough to set a master password can't be trusted anyway.)
To keep things easy for "casual" users, the above behavior could be made optional. Of course, disabling the additional check for sending a signed message must be protected as well, i.e. unchecking the option is only accepted after entering the master password.
Updated•5 years ago
Marking this as a duplicate of 1670806 misses a point.
Obviously, I failed to make my point that this is not about unauthorized access to the computer. This is about preventing myself (the authorized user) from myself.
In real life, you think twice before signing something (well, you should). This was perfectly modeled by Enigmail, because I had to enter the password. Which was a small hurdle similar to taking out my fountain pen, taking off the cap and giving me another second to reconsider if I really want to sign the document.
Of course, you can argue that clicking the check-box is enough of a hurdle. And, of course, these things depend on character. (As you may guess, I'd never use NFC payment without confirmation action.) That's why I marked this as a feature request. And it's perfectly okay to reject it if it's only me who'd love to see this implemented. But this is definitely not about unauthorized access.
Comment 3•5 years ago
It sounds like you are asking for "never sign by default", even when sending an encrypted message.
That way, you'd only sign if you deliberately request it using options.
(In reply to Kai Engert (:KaiE:) from comment #3)
> It sounds like you are asking for "never sign by default", even when sending an encrypted message.
> That way, you'd only sign if you deliberately request it using options.
Yes.