Closed Bug 1998102 Opened 7 months ago Closed 2 days ago

Consider adding hkps://mail-api.proton.me to the default key server list

Categories

(MailNews Core :: Security: OpenPGP, enhancement)

Tracking

(relnote-thunderbird +, thunderbird_esr140 wontfix, thunderbird152 wontfix, thunderbird153 fixed)

RESOLVED FIXED
153 Branch

People

(Reporter: mkmelin, Assigned: mkmelin)

References

(Blocks 2 open bugs)

Details

Attachments

(2 files)

See https://proton.me/blog/address-verification-pgp-support

We should consider adding hkps://mail-api.proton.me to the default keyserver list.

Assignee: nobody → mkmelin+mozilla

I think this is unnecessary, because Proton also hosts their keys on WKD, and we already query WKD.

Can you please check? Even without your patch, Thunderbird should already be able to find keys for proton mail users.

Well, duplication of key source is not necessarily bad. There are some benefits:

  • "Refresh Online" doesn't use WKD, so refreshing for a Proton user won't work atm. xref bug 1735033.
  • you get multiple sources (for upcoming confidence work)
  • for future "trust keyserver" that's not possible if I have to trust WKD, which would seem somewhat less safe

Actually, it seems our WKD for Proton isn't really what it should be either... https://searchfox.org/comm-central/rev/99bc428ec6be3c5bad4b5986765655ecf5bc1e47/mail/extensions/openpgp/content/modules/wkdLookup.sys.mjs#305-324

Status: NEW → ASSIGNED
See Also: → 2047358

Besides bug 2047358, the new implementation works with all the example email addresses that I have tested.

Target Milestone: --- → 153 Branch

Pushed by martin@humanoids.be:
https://hg.mozilla.org/comm-central/rev/ffae2ca378aa
Add hkps://mail-api.proton.me to the default key server list. r=kaie

Status: ASSIGNED → RESOLVED
Closed: 3 days ago
Resolution: --- → FIXED

Is this relnote worthy? Or does the WKD stuff already mostly cover protonmail for recipients without custom domain?

reopen to fix tests

Status: RESOLVED → REOPENED
Resolution: FIXED → ---

Pushed by mkmelin@iki.fi:
https://hg.mozilla.org/comm-central/rev/d2a4124c10b6
Follow up to fix keyserver test. r=mkmelin

Status: REOPENED → RESOLVED
Closed: 3 days ago → 2 days ago
Resolution: --- → FIXED

Release Note Request (optional, but appreciated)
[Why is this notable]: Better interoperability with Proton mail users.
[Suggested wording]: Added the Proton Mail key server to the default keyserver list. Refreshing the key of a Proton Mail user will now work. We also removed an old, related workaround from before Proton had WKD support. As a consequence, keys for Proton hosted domains can now be found by Thunderbird using WKD.
