Hide digital signature status (OpenPGP or S/MIME) unless the signature is technically correct and we have at least some evidence the signer key belongs to the sender address
Categories
(MailNews Core :: Security: OpenPGP, enhancement)
Tracking
(Not tracked)
People
(Reporter: KaiE, Unassigned)
References
Details
(Whiteboard: project-tracker)
The suggestion is to change how Thunderbird shows feedback for OpenPGP and S/MIME messages that contain elements that apparently contain a digital signature, but verifying the signature status fails.
The suggestion is to no longer show security indicators for such messages at all (show equivalent status as for cleartext messages).
This is a rough description of how it should work - I believe some scenarios still need some display. For example, a good signature, made with a signing key that isn't yet authenticated/accepted/verified, might still be shown in some way, encouraging the user to perform authentication.
Before we work on code, we need to design the intended behavior.
Reporter, Comment 1 • 1 year ago
Interesting because it's also about email signature status:
https://www.usenix.org/conference/soups2022/presentation/mayer