In OpenPGP composer security info, explain the possibility to use recipient alias rules
Categories
(MailNews Core :: Security: OpenPGP, enhancement)
Tracking
(Not tracked)
People
(Reporter: KaiE, Assigned: KaiE)
References
Details
Attachments
(1 file)
Today, when the user attempts to send an OpenPGP encrypted email, Thunderbird expects that an accepted OpenPGP public key is available for each recipient, and Thunderbird expects that each such key contains a user ID with a matching email address.
While this is the obvious way to find a matching key, we got feedback from advanced users that they were surprised about this limitation.
That was one of the reasons that we introduced the possibility to configure recipient alias rules (implemented in bug 1644085).
At this time, we don't offer a user interface to edit such rules. As long as we don't, I think it's reasonable to declare it as an advanced feature, and ask users to manually set the pref.
However, at least we can make the feature more discoverable.
I suggest that we add explanation text to the dialog, which reports the available or missing keys for each recipients. That's the dialog that is shown after being unable to send, or if you click the security button in the composer window.
Currently, that dialog explains: "To send an end-to-end encrypted message, you must obtain and accept a public key for each recipient."
I suggest that we add the following text at the bottom: "Thunderbird usually requires that the recipient's public key contains a user ID with a matching email address. To override this requirement you may use OpenPGP recipient alias rules, which is an advanced configuration mechanism. [Learn More]".
Assignee | ||
Updated•3 years ago
|
Assignee | ||
Comment 1•3 years ago
|
||
Pushed by kaie@kuix.de:
https://hg.mozilla.org/comm-central/rev/ee4823c2eb1b
In OpenPGP composer security info, explain the possibility to use recipient alias rules. r=mkmelin
Description
•