Show the OpenPGP signature date when the signature is rejected because of its date
Categories
(MailNews Core :: Security: OpenPGP, enhancement)
Tracking
(thunderbird_esr115 fixed)
| Tracking | Status | |
|---|---|---|
| thunderbird_esr115 | --- | fixed |
People
(Reporter: KaiE, Assigned: KaiE)
References
Details
Attachments
(1 file)
|
48 bytes,
text/x-phabricator-request
|
wsmwk
:
approval-comm-esr115+
|
Details | Review |
The work in bug 1775628 was insufficient to understand when a failure is rejected because of the signature time.
We currently require that the difference between the OpenPGP signature date and the message date must be at most one hour.
If it's more, we display the signature as invalid.
Unfortunately, in that scenario, the status info doesn't show the date, so it's difficult to understand the reason.
I would like to add a minimal fix for the 115 branch, that shows the date.
We could do better, and also show a better explanation, but that will require new strings, which we probably cannot add to the 115 branch. So I'll split that enhancement into a separate bug.
|
Assignee | |
Comment 1•2 years ago
|
||
|
||
Updated•2 years ago
|
|
|
Assignee | |
Updated•2 years ago
|
|
|
Assignee | |
Comment 2•2 years ago
|
||
I've manually tested this shared code still works for scenarios in which no signature date is available at all, for example, if the signature data block is missing or corrupted.
|
|
Assignee | |
Comment 3•2 years ago
|
||
I'd like to add, I was motivated to fix this scenario, because I received an email that had this problem, and without having this information, it took too much time to debug.
|
||
Comment 4•2 years ago
|
||
Interesting. Did you figure out how/why it had happened?
|
|
Assignee | |
Comment 5•2 years ago
•
|
||
As I understand it, an email message was prepared manually, and was given later to an email software. I'm guessing it was done to prepare multiple similar messages, maybe with a script.
The message seemed legitimate to me, email sender and signer were the same person.
The difference was 1.5 hours, so just slightly above the threshold of 1 hour that Thunderbird currently tolerates.
|
|
Assignee | |
Updated•2 years ago
|
|
|
||
Updated•2 years ago
|
Pushed by mkmelin@iki.fi:
https://hg.mozilla.org/comm-central/rev/8876813fc665
Show OpenPGP signature timestamp for rejected signatures. r=mkmelin
|
|
Assignee | |
Comment 7•2 years ago
|
||
Comment on attachment 9362553 [details]
Bug 1863705 - Show OpenPGP signature timestamp for rejected signatures. r=mkmelin
[Approval Request Comment]
Regression caused by (bug #): incomplete fix in bug 1775628
User impact if declined: difficult to diagnose bad signature
Testing completed (on c-c, etc.):
Risk to taking this patch (and alternatives if risky): low
|
||
Comment 8•2 years ago
|
||
Comment on attachment 9362553 [details]
Bug 1863705 - Show OpenPGP signature timestamp for rejected signatures. r=mkmelin
[Triage Comment]
Approved for esr115
|
||
Comment 9•2 years ago
|
||
| bugherder uplift | ||
Thunderbird 115.5.1:
https://hg.mozilla.org/releases/comm-esr115/rev/6b3cdb374d2c
Description
•