Closed Bug 288273 Opened 19 years ago Closed 19 years ago

Detach or Delete Attachment with Digitally Signed Messages make Message Unreadable/Invalid

Categories

(Thunderbird :: Message Compose Window, defect)

x86
Windows XP
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: Peter, Assigned: Bienvenu)

Details

(Keywords: dataloss)

Attachments

(1 file)

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050327 Firefox/1.0+
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050327 Firefox/1.0+

Detach or Delete Attachment with Digitally Signed Messages make Message
Unreadable/Invalid

Reproducible: Always

Steps to Reproduce:
1. Send digitally signed (e.g. Thawte) message with attachment to self.
2. Receive message and delete or detach attachment
3. Try to read new message without the attachment

Actual Results:  
1. New message is completely blank (no text)
2. "Digital Signature is not Valid"

Expected Results:  
1. The message's text should be there.
2. The digital signature should remain valid (also for other senders)
Losing an important message's text is dataloss -> dataloss
Keywords: dataloss
the fix is going to be to disable detaching/deleting attachments from
signed/encrypted messages.
Assignee: mscott → bienvenu
Status: UNCONFIRMED → NEW
Ever confirmed: true
Attached patch: proposed fix
this also cleans up the dummy header stuff a bit, after some prodding by Neil.
Attachment #185606 - Flags: superreview?(mscott)
(In reply to comment #2)
> the fix is going to be to disable detaching/deleting attachments from
> signed/encrypted messages.

That sounds more like a workaround than a fix. This would be a disincentive for
users to communicate securely via certificates. Why take functionality away
from users who are communicating securely? I can foresee corporations wanting to
use certs more and more, and corporations are often detaching attachments.

Is there no acceptable technical solution to this?

If yes, should I file a new bug: "Allow detach/delete attachments for digitally
signed messages" so this problem can be more elegantly solved in the future?

we can't remove the attachment, and keep the message as signed or encrypted,
since altering the message breaks the signature/encryption. We could save the
message as non-signed/encrypted, though we'd have to warn the user, and of
course, write the code to do that.
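
The point made in the comment above, as an added example that is not part of the original bug or of the Thunderbird patch: the signature covers the exact bytes of the signed MIME part, so stripping an attachment changes those bytes and verification fails. HMAC-SHA256 with a constructed key stands in for the S/MIME (CMS) signature, and the message, key and function names are all assumptions made for illustration.

```python
import hashlib
import hmac
from email import message_from_bytes, policy
from email.message import EmailMessage

DEMO_KEY = b"constructed-demo-key"  # stand-in for the signer's private key


def build_signed_part() -> bytes:
    """Constructed sample: text body plus one attachment, serialized with CRLF."""
    msg = EmailMessage(policy=policy.SMTP)
    msg.set_content("Quarterly figures attached.\n")
    msg.add_attachment(b"constructed attachment bytes", maintype="application",
                       subtype="octet-stream", filename="report.bin")
    msg.set_boundary("=_constructed_boundary")
    return msg.as_bytes()


def sign(part: bytes) -> str:
    # HMAC-SHA256 stands in for the CMS signature an S/MIME client would produce.
    return hmac.new(DEMO_KEY, part, hashlib.sha256).hexdigest()


def verify(part: bytes, tag: str) -> bool:
    return hmac.compare_digest(sign(part), tag)


def strip_attachments(part: bytes) -> bytes:
    """Re-serialize the part with every attachment sub-part removed."""
    msg = message_from_bytes(part, policy=policy.SMTP)
    msg.set_payload([p for p in msg.iter_parts() if not p.is_attachment()])
    return msg.as_bytes()


def remove_attachments(part: bytes, tag: str, allow_unsigned: bool):
    """Return (bytes_to_store, still_signed) for a detach/delete request."""
    stripped = strip_attachments(part)
    if verify(stripped, tag):
        return stripped, True       # nothing covered by the signature changed
    if not allow_unsigned:
        return part, True           # operation refused: message left untouched
    return stripped, False          # stored readable, but no longer signed
```

With `allow_unsigned=False` the function models disabling the operation on signed messages; with `allow_unsigned=True` it models saving the message as non-signed, where the caller is expected to warn the user first.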
(In reply to comment #5)
> We could save the message as non-signed/encrypted,
> though we'd have to warn the user

This would seem the better solution, since having signed/encrypted messages is
the most relevant when they are received, not when they are stored in Local Folders.

This would allow users to use signatures *and* remove attachments.

A warning could be as simple as:

+-----------------------------------------------------------+
| Removing the attachment(s) will also remove the           |
| signature/encryption from this message. The message will  |
| still be readable.                                        |
|                                                           |
| Do you still want to remove the attachment(s)?            |
|                                                           |
|              [[ Yes ]]        [ No ]                      |
+-----------------------------------------------------------+

There could also be a [ More Info ] button at the bottom that opens the relevant
part of the Help file.
yes, eventually that would be the way to go. We may not have time to do that for
1.1, however, unless someone volunteers to help.
I just realized that the dialog could get annoying, especially since having
locally stored messages that are signed/encrypted is less important. Hence one of
those nifty "annoy me again?" checkboxes would be needed (UNchecked by default).

+===========================================================+
|                                                           |
|  / \  Removing the attachment(s) will also remove the     |
| / | \ signature/encryption from this message.             |
| -----                                                     |
| Do you still want to remove the attachment(s)?            |
|                                                           |
| [ ] Show this alert the next time I remove an attachment  |
|     from a signed/encrypted message.                      |
|                                                           |
|           [[ Yes ]]      [ No ]      [ Help... ]          |
+-----------------------------------------------------------+

PS. Should bug 288700 and this bug be dupes?
Attachment #185606 - Flags: superreview?(mscott) → superreview+
Attachment #185606 - Flags: approval-aviary1.1a2?
Attachment #185606 - Flags: approval-aviary1.1a2? → approval-aviary1.1a2+
fixed on trunk. I'll file an rfe for allowing this by unencrypting the message.
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED