TB no longer offers to import an attached openpgp key in unsigned/unencrypted messages
Categories
(MailNews Core :: Security: OpenPGP, defect, P1)
Tracking
(thunderbird_esr91? fixed, thunderbird96 fixed)
People
(Reporter: KaiE, Assigned: KaiE)
References
(Regression)
Details
(Keywords: regression)
Attachments
(3 files, 1 obsolete file)
60.81 KB,
image/png
|
Details | |
48 bytes,
text/x-phabricator-request
|
rjl
:
approval-comm-beta+
|
Details | Review |
5.49 KB,
patch
|
wsmwk
:
approval-comm-esr91+
|
Details | Diff | Splinter Review |
With Thunderbird 78, if an incoming email had an OpenPGP key attached, either as regular attachment or as an autocrypt header, it was ALWAYS possible to import that key.
Now, importing is possible only when the incoming email is considered an OpenPGP message - e.g. because it contains a signature.
For a plain email, not signed, with a key attached, we don't offer importing :(
Assignee | ||
Comment 1•2 years ago
|
||
I guess this regression was introduced when the global notification bars were removed, and moved to the doorhanger below the OpenPGP label.
We need a solution for messages that are neither signed nor encrypted.
Potentially the OpenPGP label could be shown without further info, just offering to import the attached key.
Assignee | ||
Updated•2 years ago
|
Assignee | ||
Updated•2 years ago
|
Comment 2•2 years ago
|
||
Good point, thanks for filing this bug.
We could potentially offer a couple of entry points to solve this problem:
- Show a dedicated quick button in the header to import the attached keys. This wouldn't open a doorhanger, but it would trigger the import immediately. It would be showed only if the message is not an OpenPGP message, so only if the encryption button is not visible.
- Integrate an "Import key" menu item in the context menu of an attached key, and in the "save" button of the attachment bar.
What do you think?
Assignee | ||
Comment 3•2 years ago
|
||
(In reply to Alessandro Castellani [:aleca] from comment #2)
- Show a dedicated quick button in the header to import the attached keys.
I wouldn't offer importing without further information.
There is an additional scenario that is now less noticable, but in which giving additional information is necessary, prior to the offer to import.
If there is already an accepted key for the sender, but the incoming attached key is different, then we show a warning message - to make the user aware that this could be a potential attack. String ID: openpgp-be-careful-new-key
(The new UI still shows this warning, but again, it's only visible when clicking the OpenPGP label for signed/encrypted messages.)
Also note that a message may have an attached OpenPGP key, even if it uses an S/MIME signature or S/MIME encryption.
In my opinion, the following would be the most consistent:
If a message is neither OpenPGP signed nor OpenPGP encrypted, but contains an OpenPGP key - then show the OpenPGP label regardless. When clicking the OpenPGP label, the doorhanger would open. However, the doorhanger wouldn't talk about encryption or signature. The doorhanger could only show the section about the presence of a key, which can be imported.
This would be consistent, because we'd always offer key import from the same area.
If possible, I'd prefer if the optional string openpgp-be-careful-new-key could be highlighted in some way.
Previously, when notifications for an attached OpenPGP key were independent of the message security type, it would be always shown - even if the message used S/MIME technology.
Here is an idea for restoring this functionality.
We could show BOTH labels, both S/MIME and OpenPGP. The OpenPGP label would be limited to informing about the attached OpenPGP key. The S/MIME label would continue to talk about the used encryption and signature status for the message.
Comment 4•2 years ago
|
||
Comment 5•2 years ago
|
||
I agree with Kai and think that we should have an "OpenPGP" label for unencrypted and unsigned email that have a public key attached because it would be consistent with other such import features in daily and Thundebird 78.
openpgp-be-careful-new-key should be in the highlighted section as well, like it is right now in daily.
I'm in favor of keeping the notes about the message being unencrypted and unsigned, like in Thunderbird 78. If we display an "OpenPGP" label, I think that users will also expect the additional info about encryption and signing anyway. Without this info, they might wonder about the status of the email, given the "OpenPGP" label.
In other words, I think that we should bring back the behavior of Thunderbird 78. See the screenshot above. But maybe I missed something...
Assignee | ||
Comment 6•2 years ago
|
||
Oh, indeed, Thunderbird 78.14 showed the OpenPGP label for unencrypted/unsigned messages.
What caused that to go away in 91 ?
Assignee | ||
Updated•2 years ago
|
Assignee | ||
Comment 7•2 years ago
|
||
Looks like this was regressed by bug 1683865 and this commit:
https://hg.mozilla.org/releases/comm-esr91/rev/16972bd72bf2c874a292bc500ce0e34f7447eb67
That patched introduced a new API setMessageEncryptionStateButton for showing/hiding the OpenPGP UI element, but function unhideImportKeyBox in enigmailMessengerOverlay.js wasn't changed to use it.
I have a small patch that unhides the button, but I don't know if that approach is good, or if rather function unhideImportKeyBox should be changed to use setMessageEncryptionStateButton.
Henry, can you please suggest what to do, or provide a better patch if necessary?
Assignee | ||
Comment 8•2 years ago
|
||
Updated•2 years ago
|
Assignee | ||
Comment 9•2 years ago
|
||
We should fix esr91.
Assignee | ||
Comment 10•2 years ago
|
||
This is the latest phab patch merged to esr91, a difference in attributes hidden vs collapsed.
Assignee | ||
Comment 11•2 years ago
|
||
Comment on attachment 9253585 [details] [diff] [review]
1742593-91.patch
esr91 will need a different merged patch. I'll work on it once we're done with c-c.
Assignee | ||
Comment 12•2 years ago
|
||
Assignee | ||
Updated•2 years ago
|
Assignee | ||
Comment 13•2 years ago
|
||
Comment on attachment 9253907 [details] [diff] [review]
1742593-esr91.patch
This bug should be uplifted to esr91 after appropriate testing on comm-beta. I'm requesting it now so I don't forget.
[Approval Request Comment]
Regression caused by (bug #): 1683865
User impact if declined: missing functionality (cannot easily bootstrap OpenPGP by importing a key from a new contact)
Testing completed (on c-c, etc.):
Risk to taking this patch (and alternatives if risky): low
Assignee | ||
Comment 14•2 years ago
|
||
Comment on attachment 9252606 [details]
Bug 1742593 - Show OpenPGP label for unsigned/unncrypted messages with available key. r=henry
I assume it's too late for today's merge, so requesting beta uplift.
Comment 15•2 years ago
|
||
Pushed by geoff@darktrojan.net:
https://hg.mozilla.org/comm-central/rev/b293f5a93873
Show OpenPGP label for unsigned/unncrypted messages with available key. r=henry
Updated•2 years ago
|
Comment 16•2 years ago
|
||
Comment on attachment 9252606 [details]
Bug 1742593 - Show OpenPGP label for unsigned/unncrypted messages with available key. r=henry
[Triage Comment]
Approved for 96 beta1
Comment 17•2 years ago
|
||
uplift |
Thunderbird 96.0b1:
https://hg.mozilla.org/releases/comm-beta/rev/d553ddcbd85f1c222ad61ebc28ad79e9471afd31
Updated•2 years ago
|
Comment 18•2 years ago
|
||
Comment on attachment 9253907 [details] [diff] [review]
1742593-esr91.patch
[Triage Comment]
Approved for esr91
Comment 19•2 years ago
|
||
bugherder uplift |
Thunderbird 91.4.1:
https://hg.mozilla.org/releases/comm-esr91/rev/d5708ca3f785
Description
•