Open Bug 291145 Opened 20 years ago Updated 3 years ago

RFE: Increase UI warnings when showing signed emails with evidence of tampering

Categories

(Thunderbird :: Mail Window Front End, enhancement)

Tracking

(Not tracked)

People

(Reporter: fdinkler, Unassigned)

User-Agent: Mozilla/5.0 (X11; U; Linux ppc; en-US; rv:1.7.6) Gecko/20050328 Firefox/1.0.2
Build Identifier: Mozilla/5.0 (X11; U; Linux ppc; en-US; rv:1.7.6) Gecko/20050328 Firefox/1.0.2

This is not the same as insufficient warning on untrusted cert. If you modify message text in transit, the sig will fail as it should, and you will get the header icon if you expand the header.

If a message has been signed and tampered with, it warrants more than an icon easily missed. If not a warning dialog, then at least a slide bar akin to the "Show Images" or "This is Junk" that says "Sig Failed"

Reproducible: Always

Steps to Reproduce:
1. Send signed e-Mail
2. Tamper e-Mail text in transit (helps if you have mail server access)
3. Get mail

Actual Results: not much

Expected Results: warned in a readily obvious manner
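
A local test fixture for the reproduction steps above, as an added example that is not part of the original report or of Thunderbird's code. It uses the `openssl smime` command with a throwaway self-signed certificate; the file names, certificate subject and message text are all constructed for this example.

```shell
# Build a clear-signed S/MIME message and an altered copy, then check both.
# Everything here is constructed test data; nothing touches a mail server.
workdir=$(mktemp -d)

make_fixture() {
    # Throwaway self-signed signer certificate (constructed, valid one day).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=QA Signer/emailAddress=signer@example.test" \
        -keyout "$workdir/key.pem" -out "$workdir/cert.pem" 2>/dev/null || return 1

    printf 'Pay 100 EUR to account A.\r\n' > "$workdir/body.txt"

    # Default output is a multipart/signed message with a detached signature,
    # so the body stays readable (and editable) as plain text.
    openssl smime -sign -text -in "$workdir/body.txt" \
        -signer "$workdir/cert.pem" -inkey "$workdir/key.pem" \
        -out "$workdir/signed.eml" 2>/dev/null || return 1

    # Altered copy: one word of the signed body changed, signature untouched.
    sed 's/account A/account B/' "$workdir/signed.eml" > "$workdir/tampered.eml"
}

verify_msg() {
    # -noverify skips signer certificate chain validation, so the exit status
    # reflects only the signature check over the message content. This keeps
    # the "bad signature" case separate from the "untrusted cert" case.
    openssl smime -verify -noverify -in "$1" -out /dev/null 2>/dev/null
}

# Stand-alone run: print the outcome for each copy.
if make_fixture; then
    for f in signed tampered; do
        if verify_msg "$workdir/$f.eml"; then
            echo "$f.eml: signature OK"
        else
            echo "$f.eml: signature FAILED"
        fi
    done
fi
```

Opening `tampered.eml` in the mail client under test shows how visible the failed-signature state is in the UI.
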
(In reply to comment #0)
> If not a warning dialog, then at least a slide bar akin to the "Show Images"
> or "This is Junk" that says "Sig Failed"

This is an excellent idea, and I would further suggest that the "invalid cert" warning also generate this kind of a display, instead of a warning dialog.

However: this is not a "major" bug: https://bugzilla.mozilla.org/page.cgi?id=fields.html#bug_severity
Severity: major → enhancement
Status: UNCONFIRMED → NEW
Ever confirmed: true
QA Contact: front-end
Assignee: mscott → nobody
Changing Summary. The idea is that TB should be more vocal when a signed email shows up having been altered in some way.

Some caveats:
- Some mailing lists tamper with emails, causing emails to fail to verify
- Some mail services like AOL have tampered with email when there are attachments (even vcards, etc.)

If there are too many false alarms, users will not pay attention.
Summary: insuficent warning on bad S/MIME sigs (not just untrusted cert) → RFE: Increase UI warnings when showing signed emails with evidence of tampering
Severity: normal → S3