Auto-lookup for OpenPGP keys via WKD
Categories
(MailNews Core :: Security: OpenPGP, enhancement)
Tracking
(Not tracked)
People
(Reporter: johannes.koenig+bugzilla, Unassigned)
References
Details
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0
Steps to reproduce:
I use Thunderbird 78 with a corporate Web Key Directory.
Actual results:
The current process for discovering new keys in TB 78.11.0 via WKD, which is necessary on a regular basis, is to manually discover one key at a time, by starting to write an email to them and clicking through the long discover key dialog (multiple menus with in total 7 clicks per email) or to manually enter every new email address via the OpenPGP Key Manager "Discover Keys Online" functionality. Additionally, it is impossible to automatically discover every key required for a defined alias for group encryption, while writing an email, because the discovery option is disabled. The current state is infeasible for organisations, as pointed out by multiple other users in different threads (see [1] and [2]) and requires a solution for automatic key discovery in TB.
Expected results:
As a solution, I propose an automatic key lookup, similar to the implementation in Enigmail for TB 68 or also in Gpg4win / GpgOL [3]. If a user enables encryption by default and enters an email address for a recipient without a corresponding key, TB should automatically try to discover the key via WKD. To make this transparent, TB could give an according visual indication that a new key has been imported via WKD. Similarily, if a user writes an email to a recipient that is configured as a group alias, TB should try to automatically discover all missing keys for this alias via WKD. This would provide an easy solution to discover new keys, especially for organisations.
Security concerns and possible solution:
In the other bug report [1], the concern was raised that the server administration could swap out the key for a specific user and launch a MITM attack.
To address this concern, TB could (as pointed out in the other bug report) set auto key discovery as the non-default behaviour that is only enabled by an option and additionally require a whitelist of domains for which the automatic lookup is executed. This would ensure that this feature is only used for trusted domains, e.g. an organisation domain. As also pointed out in the bug report, it is a core concept of a WKD to implement a trusted entity for a trusted domain through which keys can be discovered. Combined with the greatly enhanced usability compared to the current situation, where it is almost impossible to use encrypted emails with TB in an organisation because of the inability to regularly discover larger numbers of new keys, this should not hold back automatic key discovery via WKD for TB.
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1665570
[3] https://wiki.gnupg.org/WKD#What_does_it_mean_for_users.3F
|
Reporter | |
Comment 1•3 years ago
|
||
Note: Similar problems have been raised in another bug report [1], but the ticket has been renamed to fit to another problem mentioned in this ticket, so I decided to create a separate request for specifically this feature.
|
||
Comment 2•3 years ago
|
||
Related to bug#1695048.
|
||
Updated•3 years ago
|
Description
•