Closed Bug 1714371 Opened 3 years ago Closed 3 years ago

visible one-click public key import

Categories

(Thunderbird :: Untriaged, enhancement)

enhancement

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: c3023, Unassigned)

Details

Attachments

(1 file)

Attached image tb78_import.jpg

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0

Steps to reproduce:

  1. received email with public key (autocrypt, and/or attached public key file)
  2. did not see any button for importing the public key
  3. alternatives:
    3a) right-click on attachment, and say "import OpenPGP key"
    3b) left-click on "OpenPGP" icon (right top corner of an email), and then left-click on "import .."

Actual results:

I imported the public key, but I didn't see an easy to understand button (e.g. "Import OpenPGP key"). instead I had to click 2-3 times until I was offered to import the key.

Expected results:

to simplify encryption, also for users who do not understand how encryption works, but only know they need the public key of the recipient, and are looking for the most straightforward solution, there should be a easy to spot button with the word "import", or a very easy to understand icon (see attachment).

TB68 with enigmail had a bar showing up above the email whenever there was a key attached. It was a clear indication to users that "there is something to do", and clicking it started the "assistant" to import the public key.

Already, TB78 spots whether a key is already imported or not - so this import button could just show up in case the key is missing. Upon click, you come to the "unverified/accepted" popup to import the attached key.

This should work for both autocrypt-added, and attached keys.

Maybe it sounds silly, but it makes a world of a difference to users, who never click the button to get encryption info, so they never think of clicking it to import a key.

I think a combination of bug 1667564 and bug 1627956 would solve this issue in a better way.

Hi Magnus,

yes you are right. But on reading the bugs, it seems to me, it might take some time until there has been found a decision how to implement this best. Also, these bugs touch other topics like trust/TOFU or opportunistic encryption.

This button (or another visible way to see that there is a key to import) would not touch those questions, but instead provide visual guidance to easily identify emails with keys to import (and keep the existing workflow - accept/unverified vs not accepted/undecided - when clicking import). Most users will not think about the need to require a key to send encrypted messages, so they will not look how to import a missing key.

I'm not sure how e.g. Outlook shows incoming keys. But Roundcube+enigma shows a colored box and clear text at the end of an email: one click on that link imports the key(s). I think that is easier than "hiding" the import button behind the OpenPGP button.

I think we won't be pursuing this.

Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: