Closed Bug 1831547 Opened 2 years ago Closed 2 years ago

Suggest users to publish their OpenPGP public key in account settings

Categories: MailNews Core :: Security: OpenPGP, enhancement

Status: RESOLVED FIXED (115 Branch)

Tracking Status: thunderbird_esr102 --- wontfix

People: Reporter: KaiE, Assigned: KaiE

Attachments: 2 files, 1 obsolete file

In bug 1731232, publishing the user's own public key to a keyserver was added as a new feature in OpenPGP Key Manager.

I suggest making that feature more easily discoverable.
I think in account settings we should offer the user to publish their key.

Very little work,
only requires a new string and a new button.

Justification:

Publishing one's own public key on a keyserver is a very helpful way to enable others to send you encrypted email (even if you haven't communicated ever before).

While this functionality was already added a few months ago to the advanced OpenPGP Key Manager UI, I thought it could help make it more discoverable, by offering it prominently in the account settings.

Note that it isn't a one time action. After one makes changes to their own key, for example extending the expiration date on your own key, you might want to publish it again (to update the information that's stored on the keyserver). That's why I'm not trying to remove the notice after publishing.

Attached image publish-button.png
Depends on: 1731232
Attachment #9331817 - Attachment description: Bug 1831547 - Suggest publishing the configured OpenPGP key on a keyserver. r=elizabeth → Bug 1831547 - Suggest publishing the configured OpenPGP key in account settings. r=elizabeth

I'd like to respond here in bugzilla to a concern that Magnus raised in phabricator, because I think bugzilla is a better place for general feature discussions:

Magnus said:

> While publishing is an important feature, I'm not sure this is the best place to put this notice. There are many other important actions as well (such as backup), and listing everything up front doesn't scale.

It's true that it would be very important to have guidance for key backup as well.

However, I think that we should try to guide users in the right places.

The best time to remind users about the key backup would be at the time a new key is generated. In the process to do so, we should explain the importance of the secret key, and the negative consequences of losing the secret key. I'm in favor of implementing an enhancement to do that, but it will require touching several dialogs of the key generation workflow, which is currently spread out to several dialogs. I think that procedure needs an overhaul, and it should also explain the importance of making a backup of the revocation certificate (which we currently automatically store in the user's profile directory, but don't advertise anywhere).

Key publishing is something the user isn't required to do. But it's helpful to do. It simplifies bootstrapping encrypted communication.

I think that publishing a key is a functionality that is related to "configuring" the key, the user's decision to use a particular key for their own key.

The account settings dialog, and the end-to-end encryption tab, is mostly a one-time thing the user has to do. Once it's set up, the user rarely has a need to go back.

Users go here because they know they want to use encryption, or because they have been told to set up encryption.

After users have set up encryption for themselves (by adding and selecting their own key), they might conclude they are "done". A naive user might assume that everything else will be automatic. But it isn't. It's necessary to share your own key, and users might not be aware of that need. Yes, while we help users by including their key in outgoing emails (with the recent work in bug 1688495 even more automatically), they might still wonder "why are other people not able to send me encrypted email? I have created an encryption key already!".

For that reason, I think it's reasonable to tie the recommendation to publish the user's own public key in this place, at the time they configure their own key. It's the right time to remind the user about it.

Magnus also said:

> Since we don't remember whether we published the key either... it's somewhat awkward to have this notice always showing.

I'm ok to implement smarter logic in a follow-up bug. We could hide the notification after the user has published it.

However, there are situations in which the user will have to publish the key AGAIN. If the user makes changes to the key's expiration date the changed key must be re-published, to allow others to learn about the refreshed key validity.

If we want a smarter behavior for showing or not showing this reminder, we need smarter logic to track whether the key has been modified after the last publication date - and show the suggestion to publish again, after a modification was made.

Given we don't have this yet, keeping this button visible should be acceptable. The user doesn't visit this dialog often.

> I would have added Publish to the More menu,

Yes, once we have the smarter show/hide logic, we should add it to the More menu, too.

> and perhaps add a reminder after creating the key + perhaps "did you know" notification when visiting these settings if we know it's not published (we should keep track, or check the server).

Yes, something we can consider later, when we have more time.
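The show/hide logic discussed in the comment above, sketched as an added example that is not part of this bug or of Thunderbird's code: it records what was uploaded and suggests publishing again once the key carries a newer signature, which is what extending the expiration date produces in OpenPGP. The key model and the names `keyState`, `recordPublication` and `publishAdvice` are assumptions.

```javascript
// Added example; every name here is hypothetical and none of it is Thunderbird code.
// A key is modelled as { fingerprint, signatures: [{ type, created }] }, where
// `created` is the signature creation time in seconds since the epoch.

// Summarise the parts of a key that change when its owner edits it.
function keyState(key) {
  const times = key.signatures.map((s) => s.created);
  return {
    count: key.signatures.length,
    newest: times.length ? Math.max(...times) : 0,
  };
}

// Called after a successful upload: remember what was sent for this key.
function recordPublication(store, key) {
  store.set(key.fingerprint, keyState(key));
}

// Decide what the settings page should show for the configured key.
function publishAdvice(store, key) {
  const sent = store.get(key.fingerprint);
  if (!sent) return "publish"; // this key was never uploaded
  const now = keyState(key);
  const changed = now.count !== sent.count || now.newest > sent.newest;
  return changed ? "republish" : "none";
}

// Walk through the life of one key using constructed sample data.
function demo() {
  const store = new Map();
  const key = {
    fingerprint: "EXAMPLE-FINGERPRINT-0001", // placeholder, not a real key
    signatures: [{ type: "self", created: 1683000000 }],
  };
  const steps = [publishAdvice(store, key)]; // fresh key
  recordPublication(store, key);
  steps.push(publishAdvice(store, key)); // just uploaded
  // Extending the expiration date issues a new self-signature.
  key.signatures.push({ type: "self", created: 1700000000 });
  steps.push(publishAdvice(store, key)); // keyserver copy is stale
  recordPublication(store, key);
  steps.push(publishAdvice(store, key)); // uploaded again
  return steps;
}
```

Keying the record by fingerprint also covers the case where the user configures a different key for the account: the new key has no record, so the suggestion reappears.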

Pushed by john@thunderbird.net:
https://hg.mozilla.org/comm-central/rev/d955789f1c40
Suggest publishing the configured OpenPGP key in account settings. r=elizabeth

Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED

Oh no, I made a mistake. When I was asked to change the type of button, it became necessary to change the Fluent string, and I had removed the .label

This was bad, because this wasn't the string I'm adding as part of this patch - it was a pre-existing string that I had reused, but which is still being used in a different place...

We need to revert that, and add a new, separate string for the "Publish" button string.

Status: RESOLVED → REOPENED
Resolution: FIXED → ---

It's better to back this out and land it again with the fix applied.
I'm doing it

Attachment #9332201 - Attachment is obsolete: true
Backout by alessandro@thunderbird.net:
https://hg.mozilla.org/comm-central/rev/3a55a7e4d6b8
Backed out changeset d955789f1c40 due to wrong strings. r=backout DONTBUILD

Pushed by kaie@kuix.de:
https://hg.mozilla.org/comm-central/rev/cb5380ac0019
Suggest publishing the configured OpenPGP key in account settings. r=elizabeth,r=rjl

Status: REOPENED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED

Comment on attachment 9331817 [details]
Bug 1831547 - Suggest publishing the configured OpenPGP key in account settings. r=elizabeth

It would be helpful to get early testing of this feature in 114 beta

[Approval Request Comment]
Regression caused by (bug #): none
User impact if declined:
Testing completed (on c-c, etc.): yes
Risk to taking this patch (and alternatives if risky): none

Attachment #9331817 - Flags: approval-comm-beta?

Comment on attachment 9331817 [details]
Bug 1831547 - Suggest publishing the configured OpenPGP key in account settings. r=elizabeth

[Triage Comment]
Approved for beta

Attachment #9331817 - Flags: approval-comm-beta? → approval-comm-beta+
Target Milestone: --- → 115 Branch