Open Bug 1899278 Opened 9 months ago Updated 9 months ago

messages and compose APIs: Add detailed info on the S/MIME certificate or PGP key used

Categories

(Thunderbird :: Add-Ons: Extensions API, enhancement)

Tracking

(Not tracked)

UNCONFIRMED

People

(Reporter: tdulcet, Unassigned, NeedInfo)

[This was first requested in bug 1732669 comment 6.]

Please add detailed information on the S/MIME certificate or PGP key used to the messages.MessageHeader and compose.ComposeDetails objects. For both S/MIME and PGP/MIME, the existing webRequest.SecurityInfo and webRequest.CertificateInfo objects show the type of information that is needed. While many of the TLS-related properties in the former obviously do not apply, the CertificateInfo object should be an exact fit for S/MIME certificates.

Specifically, for S/MIME, this could include for each certificate in the chain the:

  • Subject
  • Issuer
  • Validity start and end dates
  • Fingerprint
  • Public key algorithm and key length
  • Raw certificate in DER encoding

For PGP/MIME, this could include the:

  • User ID
  • Creation and expiration dates
  • Fingerprint for each key
  • Public key algorithm and key length for each key
  • Raw keys

For both, it would also be useful to indicate whether the certificate or key respectively is considered secure and if it is insecure, information about why so. For example, this could include similar properties to those found in the SecurityInfo object, such as the security state, weaknessReasons, errorMessage, isNotValidAtThisTime, isUntrusted, etc. Any information that is displayed in the Thunderbird UI about the S/MIME certificate or PGP key should be made available to add-ons so that they can make their own assessment on whether to trust the certificate or key respectively.

I would like to update my Server Status extension to support Thunderbird (maybe called Mail Status), but I would first need this information. Instead of showing details about the SSL/TLS certificate, it would need to show information about the S/MIME certificate or PGP key used to digitally sign or encrypt the message.
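As an added illustration (not part of the bug report and not Thunderbird code), this is the kind of assessment an add-on could run if an S/MIME chain were exposed using the field names of webRequest.CertificateInfo. The function name `assessChain`, the finding labels and the sample chain are assumptions constructed for the example; no current Thunderbird API returns this data.

```javascript
// Added example. Field names (subject, issuer, validity.start/end, fingerprint)
// follow webRequest.CertificateInfo; the chain itself is constructed sample data.
const DAY_MS = 24 * 60 * 60 * 1000;

// Checks dates and issuer/subject linkage only. It does NOT verify signatures
// or revocation, so it complements (never replaces) the client's own verdict.
function assessChain(chain, now = Date.now(), warnDays = 30) {
  const findings = [];
  chain.forEach((cert, index) => {
    const { start, end } = cert.validity;
    if (now < start) findings.push({ index, reason: "notYetValid" });
    else if (now > end) findings.push({ index, reason: "expired" });
    else if (end - now < warnDays * DAY_MS)
      findings.push({ index, reason: "expiresSoon" });
    const next = chain[index + 1];
    if (next && cert.issuer !== next.subject)
      findings.push({ index, reason: "brokenChain" });
  });
  if (chain.length === 1 && chain[0].issuer === chain[0].subject)
    findings.push({ index: 0, reason: "selfSignedLeaf" });
  const isNotValidAtThisTime = findings.some(
    (f) => f.reason === "expired" || f.reason === "notYetValid");
  return { isNotValidAtThisTime, findings };
}

// Constructed chain: leaf, intermediate, root (fingerprints are placeholders).
const mk = (subject, issuer, start, end) => ({
  subject, issuer, validity: { start, end },
  fingerprint: { sha256: "PLACEHOLDER" },
});
const SAMPLE_NOW = Date.UTC(2024, 5, 1); // 1 June 2024
const SAMPLE_CHAIN = [
  mk("CN=alice@example.org", "CN=Example Issuing CA",
     Date.UTC(2023, 5, 10), Date.UTC(2024, 5, 10)),
  mk("CN=Example Issuing CA", "CN=Example Root CA",
     Date.UTC(2020, 0, 1), Date.UTC(2030, 0, 1)),
  mk("CN=Example Root CA", "CN=Example Root CA",
     Date.UTC(2015, 0, 1), Date.UTC(2035, 0, 1)),
];

console.log(JSON.stringify(assessChain(SAMPLE_CHAIN, SAMPLE_NOW), null, 2));
```
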

Depends on: 1732669

I guess the same is valid for the MailIdentity properties added in bug 1899285?

I wonder if the correct approach here is to check certs and keys based on recipients, and move that function to the messengerUtils API.

Yes, this information would likely be useful in the mailidentity object as well.

> I wonder if the correct approach here is to check certs and keys based on recipients, and move that function to the messengerUtils API.

Note that we have both the sender and recipient's certificates/keys, and these APIs should likely provide information on both. The sender's certificate/key is used for digitally signing the message, while each recipient's certificate/key is used for encrypting it. These can change over time, as they expire or are revoked and new ones are provisioned/generated... S/MIME signed messages usually include the public certificate with each message, while the public key typically needs to be sent in advance for PGP/MIME messages. Kai could of course provide much more information.

Status: NEW → UNCONFIRMED
Ever confirmed: false

I will not be able to work on this anytime soon.

Flags: needinfo?(kaie)