Closed Bug 1688495 Opened 4 years ago Closed 2 years ago

provide option to always send public key with autocrypt header

Categories

(MailNews Core :: Security: OpenPGP, enhancement)

Tracking

(Not tracked)

RESOLVED FIXED
112 Branch

People

(Reporter: u617804, Assigned: KaiE)

Attachments

(2 files)

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0

Steps to reproduce:

Send mail with "security->attach my public key" unchecked.

Actual results:

I was surprised that the public key is not in the Autocrypt header of the sent mail.
Yesterday I sent an email with "attach my public key" checked, and saw that the key was sent in the Autocrypt header. I assumed the key would always be sent with the Autocrypt header, regardless of option "attach my public key".

Expected results:

In account preferences -> e2ee there should be an option "Send public key with Autocrypt header by default". If this is checked, the public key should mandatorily be sent with the Autocrypt header, regardless of the setting of the option "attach my public key". The option "attach my public key" should therefore be renamed to "attach file with my public key".

This was also suggested in bug 1645514#c16

IIRC, it's complicated since keys can be very large. We'd want to only ship the minimum key but that functionality is not yet available.

Thanks, stripping key to minimum is subject in bug 1629309

I understand that sending minimum keys is now possible since TB 91 and bug#1713664.

See https://github.com/rnpgp/rnp/pull/1433.

Issue still with TB 102.

Before we can do this, we need to correctly handle keys with multiple recipients, because an autocrypt header must only contain one user id.

On sending, we'd have to strip away other user ids.

That brings the scenario that on the recipient side, partial keys can arrive. We need to ensure that we correctly handle merging of such partial keys in all scenarios where we collect and import keys.

In Thunderbird-102 enabling
"Attach my public key when adding an OpenPGP digital signature"
attaches the pubkey twice.
Via Autocrypt header and via attachment.

The attachment might be a good thing for receivers with older mail software.
But the attachment nearly doubles the mail size for small mails.

Also the key in the attachment isn't "clean". A clean key (in GnuPG terms) contains only the latest self signature.
So the attachment might be additionally bloated by additional legacy self signatures and by foreign signatures.
(The Autocrypt key seems to be correctly "clean".)
See also: https://bugzilla.mozilla.org/show_bug.cgi?id=1654950#c75

WORKAROUND:

Enable the "public key" setting, send a signed test mail and copy the Autocrypt header from the mail's source.
Paste the header to a text editor and remove all newlines, so it becomes one long line with spaces.

Then disable the "public key" setting and add the Autocrypt header manually.

about:config
mail.identity.id1.headers -> Autocrypt
mail.identity.id1.header.Autocrypt -> HEADER-VALUE

Mind the "s" at the end of "headers" and "header"!
Replace HEADER-VALUE with the copied header value, starting with "Autocrypt: addr=...".
"id1" must be replaced if you use multiple mail accounts/identities in your Thunderbird profile.

See also: http://kb.mozillazine.org/Custom_headers
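
The workaround in the comment above, as an added example that is not part of the original comment or of Thunderbird's code: it unfolds the Autocrypt header from a saved message source into one line, checks it, and formats the two about:config entries. The function names, the example.org addresses and the placeholder keydata are constructed for illustration.

```python
import base64
import binascii
import re
from email import message_from_string

# Constructed sample: the keydata is placeholder bytes, not a real OpenPGP key.
_KEY = base64.b64encode(b"constructed placeholder, not a real OpenPGP key").decode()
SAMPLE_SOURCE = (
    "From: alice@example.org\n"
    "Autocrypt: addr=alice@example.org; prefer-encrypt=mutual; keydata=\n"
    f" {_KEY[:24]}\n {_KEY[24:]}\n"
    "Subject: test\n\nbody\n"
)

def unfold_autocrypt(source):
    """Return the single Autocrypt header value as one line, or None."""
    values = message_from_string(source).get_all("Autocrypt", [])
    if len(values) != 1:
        return None  # absent or ambiguous: nothing safe to copy
    # Folded continuation lines become single spaces, as in the workaround.
    return re.sub(r"\r?\n[ \t]+", " ", values[0]).strip()

def check_header(value, sender):
    """List problems that would make the pinned header unusable."""
    attrs = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        attrs[name] = val.strip()
    problems = []
    if attrs.get("addr", "").lower() != sender.lower():
        problems.append("addr does not match the sending address")
    try:
        # Whitespace left inside keydata by unfolding is not significant.
        key = base64.b64decode("".join(attrs.get("keydata", "").split()), validate=True)
    except binascii.Error:
        key = b""
    if not key:
        problems.append("keydata is missing or not valid base64")
    return problems

def pref_lines(identity, value):
    """Format the two about:config entries from the workaround."""
    return [
        f"mail.identity.{identity}.headers -> Autocrypt",
        f"mail.identity.{identity}.header.Autocrypt -> Autocrypt: {value}",
    ]

if __name__ == "__main__":
    line = unfold_autocrypt(SAMPLE_SOURCE)
    print(check_header(line, "alice@example.org") or "header looks usable")
    print("\n".join(pref_lines("id1", line)))
```

A header pinned this way is static, so it has to be regenerated whenever the key changes. Receiving Autocrypt clients treat a header whose addr differs from the From address as invalid, which is why the check compares the two.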

Status: UNCONFIRMED → NEW
Ever confirmed: true

(In reply to kolAflash from comment #8)

In Thunderbird-102 enabling
"Attach my public key when adding an OpenPGP digital signature"
attaches the pubkey twice.
Via Autocrypt header and via attachment.
[...]

Only happens with some PGP keys.
See also:

https://support.mozilla.org/en-US/kb/openpgp-thunderbird-howto-and-faq#w_does-thunderbird-support-autocrypt

When sending an email and using the option to attach your OpenPGP public key, and your key is sufficiently simple to be compatible with Autocrypt, then Thunderbird will add the appropriate header in the outgoing email, which can allow your correspondent to learn about your public key.

https://thunderbird.topicbox.com/groups/e2ee/T689fcce37a1bfb1b

To stop this, I went into config editor and set
mailnews.headers.extraAddonHeaders to an empty value. But each time I
restart Thunderbird, it overwrites that empty value and sets this
configuration item to autocrypt openpgp again.

See Also: → 1814306
Assignee: nobody → kaie
Attachment #9315262 - Attachment description: WIP: Bug 1688495 - Always send autocrypt header. → Bug 1688495 - Option for sending autocrypt headers, enable sending independent of key attachment. Support merging partial Autocrypt keys. r=mkmelin
See Also: → 1663116

Alex, we have a discussion about a wording in phab.
It might be good to get your opinion.

My initial suggestion for a new checkbox in OpenPGP advanced prefs was:
Send email headers for compatibility with Autocrypt

Then Magnus suggested
Include my public key in Autocrypt mail headers

which I think isn't accurate, for the reasons mentioned in phab.

My initial counter idea was:
Send OpenPGP public key information in emails for interoperability with Autocrypt email clients

But after more brainstorming, I came up with a quite different wording:
Send Autocrypt-compatible OpenPGP public key(s) along with an email's meta data

What do you think?
More explanations in phab

Flags: needinfo?(alessandro)

(In reply to Kai Engert (:KaiE:) from comment #12)

Send Autocrypt-compatible OpenPGP public key(s) along with an email's meta data

Sounds good to me, my similar suggestion would be

"Send an Autocrypt-compatible simplified version of my public key in an email's meta data"

(I also made a comment in Phabricator, but it says "unsubmitted" so not sure if that is seeable at all)

(In reply to Arvidt from comment #13)

(In reply to Kai Engert (:KaiE:) from comment #12)

Send Autocrypt-compatible OpenPGP public key(s) along with an email's meta data

Sounds good to me, my similar suggestion would be

"Send an Autocrypt-compatible simplified version of my public key in an email's meta data"

My suggestion is more flexible. It could allow us to include "autocrypt gossip" information (about correspondent keys) in the email, without requiring another pref.

But I'm not sure if the form "public key(s)" is allowed in the user interface. Maybe being specific, and potentially introduce another pref in the future, would be better?

(In reply to Arvidt from comment #13)

(I also made a comment in Phabricator, but it says "unsubmitted" so not sure if that is seeable at all)

Commenting in phabricator might need special permissions, I'm not sure.

Let's discuss the wording here in bugzilla.

(In reply to Kai Engert (:KaiE:) from comment #14)

Send Autocrypt-compatible OpenPGP public key(s) along with an email's meta data

My suggestion is more flexible. It could allow us to include "autocrypt gossip" information (about correspondent keys) in the email, without requiring another pref.

OK thanks, I understand now your wider (than this bug) scope thinking, and agree to your suggestion.

Send Autocrypt-compatible OpenPGP public key(s) along with an email's meta data

I think this makes sense, but it reads a bit heavy.
I'd suggest something like
"Include OpenPGP public key(s) in the email header for compatibility with Autocrypt"

I don't have a strong opinion on this, so your suggested string is good if you think my rewording doesn't hit the mark.

Flags: needinfo?(alessandro)

(In reply to Alessandro Castellani [:aleca] from comment #17)

I'd suggest something like
"Include OpenPGP public key(s) in the email header for compatibility with Autocrypt"

Thanks Alex.

I'd prefer to change the first word. "Send" not "Include", to allow the user to understand when exactly we will be doing that (the user can imply that it's a pref related to sending message).
Would that also work for you?

"Send OpenPGP public key(s) in the email header for compatibility with Autocrypt"

Flags: needinfo?(alessandro)

Sounds good!

Flags: needinfo?(alessandro)

The following additional question came up during review.

The current wording suggests to use "email header". I'd prefer that.

Magnus suggested to use "message header" instead.

I'm slightly worried that "message header" is too generic, and that the term "header" doesn't have a specific meaning when talking about messages in general.
On the other hand, I think it can be easily looked up what an "email header" is (probably even in other languages), if a user needs to look up that term.

Alex?

Pushed by mkmelin@iki.fi:
https://hg.mozilla.org/comm-central/rev/8341c540648f
Option for sending autocrypt headers, enable sending independent of key attachment. Support merging partial Autocrypt keys. r=mkmelin
https://hg.mozilla.org/comm-central/rev/ed69dcd94782
Add test for Autocrypt only collection. r=kaie

Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → 112 Branch
Duplicate of this bug: 1663116

Running 114.0b5, I cannot get the autocrypt header to be sent even with the option checked. Do you observe the same regression?

Seems to be working for me. Maybe you're sending from some identity where it's not checked? Anyway, if you still see a problem, please file a new bug.

Maybe you're sending from some identity where it's not checked?

double-checked, I'm sending with the right identity.

Anyway, if you still see a problem, please file a new bug.

ack, thanks.

I also see the header being added.
Are you sure your identity has an OpenPGP key configured/selected in account settings e2ee?

Are you sure your identity has an OpenPGP key configured/selected in account settings e2ee?

yes

I tested more. This happens for one particular account, not another one.
Hypothesis: the header is removed by some SMTP server along the way.

Hypothesis: the header is removed by some SMTP server along the way.

excluded, I changed the SMTP server, it's still the same problem.

Blocks: 1836601

Let's continue the discussion in bug 1836601.
