Open Bug 1780148 Opened 3 years ago Updated 3 years ago

Offer to create key pair without name-entry

Categories

(MailNews Core :: Security: OpenPGP, enhancement, P3)

Thunderbird 102
enhancement

Tracking

(Not tracked)

People

(Reporter: u617804, Unassigned)

Details

Steps to reproduce:

  • Have a mail identity with a name entry (e.g. "John") and a mail address entry (e.g. john@example.com)
  • Create an OpenPGP key pair for that identity within TB

Actual results:

The created key has a name entry with value John and a mail entry with the mail address

Expected results:

Email provider posteo.de, which offers very good privacy, offers the possibility to upload your public key to their WKD. But their key policy (https://posteo.de/en/help/policies-for-public-keys) is "The name field must be empty or contain your email address only"
With the TB created key, the name field contains "John <john@example.com>" but to fulfill the Posteo key policy the name field would have to be either empty or only contain john@example.com.
So I would request to offer the user when creating a key pair with TB, to let the name field be empty or only contain the mail address.
Maybe the name entry should always only contain the mail address?
Maybe there are other solutions?
Right now, I guess I have to create the key pair out of TB to have the ability to leave the name field empty or contain only the mail address and therefore be able to publish the key on Posteo's WKD?

You could temporarily edit your Thunderbird account settings, and change your "name" field to be empty.

Then generate a key. This will create a key with a user ID that contains
<alice@example.com>

Does posteo accept that?

We could change Thunderbird to use only the email address, without the <> characters, if the name is empty.

Status: UNCONFIRMED → NEW
Ever confirmed: true

(In reply to Kai Engert (:KaiE:) from comment #1)

You could temporarily edit your Thunderbird account settings, and change your "name" field to be empty.

Then generate a key. This will create a key with a user ID that contains
<alice@example.com>

Does posteo accept that?

Yes, it does, posteo does not bother about the brackets <>

We could change Thunderbird to use only the email address, without the <> characters, if the name is empty.

I think this would be good, because it's clear and maybe other providers don't accept brackets <>

Maybe there could be a button "Empty name field of key" or "Replace name field with just the email address" for comfort, so you do not need to have to create a new key pair which is confusing?

At least I did not have the tricky idea of this workaround to change the name field and then create a new key pair.

Is it correct that posteo could strip the name field of a key they received for publishing via their WKD? But they just do not do that?
I am wondering if it would be best to always set the name field of a generated key just to the mail address, to be safe for such requirements like the one of posteo? Users could then identify the key just via the mail address, I guess this should be sufficient?
(GPA does not accept an empty name field when generating a new key pair, too, so I guess leaving it completely empty is not so common)

That seems like a strange policy. But the page also says you can only use @posteo.net addresses: "Keys that you have created for email addresses with other providers can not be uploaded." I guess they really really want you to create the key through their interface...

(In reply to Magnus Melin [:mkmelin] from comment #5)

That seems like a strange policy.

What do you feel strange? "[...] real name in the name field. Such keys can not be uploaded to Posteo, because Posteo does not save any personal information, for privacy reasons." I find this adorable.

But the page also says you can only use @posteo.net addresses: "Keys that you have created for email addresses with other providers can not be uploaded."

That's true, posteo does also not allow the customers to use their own domains, since for that they would have to store personal identifying information and that would break the privacy-oriented concept, so mail domain has to be @posteo.* (see https://posteo.de/en/site/faq "Can I use Posteo with my own domains?")

I guess they really really want you to create the key through their interface...

How do you come to that guess? They explicitly write about creating the key with "encryption programs":
"Although the name field exists in many programs, entering a name is not necessary in order to create a PGP key. When creating your key, leave the name field empty. If you encryption program does not allow this, you can alternatively enter your email address in the name field."

(In reply to Kai Engert (:KaiE:) from comment #1)

We could change Thunderbird to use only the email address, without the <> characters, if the name is empty.

What about popping up a text field "Name field of the key" in the process of generating a key pair in TB, which could default to the name entry of the mail identity, together with the hint "You can set this empty for privacy reasons if you want to publish the public key (some publishing providers may even require an empty name field)" ? Or maybe the name field box could even default to be empty.

(In reply to Arvidt from comment #6)

(In reply to Magnus Melin [:mkmelin] from comment #5)

That seems like a strange policy.

What do you feel strange? "[...] real name in the name field. Such keys can not be uploaded to Posteo, because Posteo does not save any personal information, for privacy reasons." I find this adorable.

Heh, as if the email usually wouldn't be "personal information"... I mean, nobody is forcing you to use your real, nor full name there if you don't want to.

Then you do use the key with email, and normally you want a display name for your emails, which would still be seen by everyone - certainly posteo would see those headers on their servers, i.e. they are still storing it.

That's true, posteo does also not allow the customers to use their own domains, since for that they would have to store personal identifying information

The email is still personal identifying information. I don't buy this.

Mail provider Mailfence says in its KB article how to import your public key (that will be published via their WKD):

Note: By importing the Key pair/Personal key, you consent to make its public key (including e-mail address and name) available on our Web Key Directory server.

I would suggest to let the TB key pair generation process make the name field empty by default, but offer a button "Add name to public key" that has to be actively clicked by the user, and before adding a name, there should be a warning "Be aware that when you plan to publish this key (e.g. on your mail provider's WKD), you will publish the name entry"

The email address is not so secret, you can test its existence anyway by sending a test mail to an address, so it's semi-published. If there is a public key with that address published by WKD it is not much more information.

Severity: -- → S3
Priority: -- → P3

I think we have many important issues to work on, given there is a workaround, I don't consider this a priority. However, I'd accept a (complete) patch that implements it.

I'd prefer a radio button for the UI, which shows the two alternatives we're offering:

  • email
  • name <email>

I'd keep the default selection at the second one.

If the name is empty in settings, we can hide the radio selection.
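
The user ID forms discussed in this thread, checked against the Posteo rule quoted in the report. This is an added example, not Thunderbird or Posteo code: the function names are hypothetical, the sample user IDs are constructed, and requiring the address to match the account is an assumption.

```python
import re

# Conventional user ID layout: optional name text, then <email>.
_ANGLE = re.compile(r"^(?P<name>[^<>]*?)\s*<(?P<email>[^<>\s]+@[^<>\s]+)>\s*$")
# Bare address with no brackets (the "email" alternative from the thread).
_BARE = re.compile(r"^[^<>\s()]+@[^<>\s()]+$")


def split_user_id(uid):
    """Return (name_part, email); email is None if no address is found."""
    uid = uid.strip()
    m = _ANGLE.match(uid)
    if m:
        return m.group("name").strip(), m.group("email")
    if _BARE.match(uid):
        return "", uid
    return uid, None  # free text only


def name_field_ok(uid, account_email):
    """Rule quoted in the report: the name part must be empty or contain
    only the e-mail address. Matching the address against the account is
    an assumption of this example."""
    name, email = split_user_id(uid)
    if email is None or email.lower() != account_email.lower():
        return False
    # A "(comment)" counts as name text here, so it fails the check too.
    return name == "" or name.lower() == account_email.lower()


# Constructed sample user IDs covering the forms mentioned in the thread.
SAMPLES = [
    "John <john@example.com>",              # name <email>
    "<john@example.com>",                   # empty name, brackets kept
    "john@example.com",                     # email only
    "john@example.com <john@example.com>",  # address used as the name
    "John (home) <john@example.com>",       # name plus comment
]


def report(account_email, uids=SAMPLES):
    """Map each user ID to True (passes the rule) or False."""
    return {uid: name_field_ok(uid, account_email) for uid in uids}


if __name__ == "__main__":
    for uid, ok in report("john@example.com").items():
        print(f"{'ok    ' if ok else 'reject'}  {uid}")
```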
