
#388 Signing keys requires signing all User IDs (even if some are bad)

fixed
nobody
None
1.7.2
Enhancement
34.0~b1
2.1.2
All
3.0
nobody
2020-12-27
2015-01-21
No

When signing a key from the "key management" dialog box in enigmail 1.7.2, my only option appears to be to certify every user ID associated with the key.

Even worse, the dialog box i'm shown immediately during the keysigning only shows the primary User ID -- there is no hint that i might be certifying any other user IDs.

The right fix for this would be to present a list of checkboxes, one per User ID that the person is going to certify. Additionally, if there are User Attributes, those images should also be presented, along with a checkbox.

As a short-term workaround, at the very least, all User IDs and User Attributes to be certified should be displayed to the user.

Otherwise, i can add a phony user ID to my key, and get enigmail users to sign my key based on my primary User ID, and then take advantage of their certification of my phony User ID.

Discussion

  • Patrick Brunschwig

    I agree, this should be foreseen in "advanced" mode.

  • Patrick Brunschwig

    • Severity: Major --> Enhancement
    • Daniel Kahn Gillmor

      On Sat 2015-01-31 10:19:50 -0500, Patrick Brunschwig wrote:

      Re: [enigmail:bugs] #388 Signing keys requires signing all User IDs (even if some are bad)

      I agree, this should be foreseen in "advanced" mode.

      I'm not sure what you mean by this: are you saying that the advanced
      mode now has a taste of the UX that is planned for everything? or do
      you think that distinguishing which User IDs to sign is a feature that
      should only be for users in "advanced" mode?

      I hope it's not the latter -- i think we do regular (non-advanced) users
      no favors by signing hidden user IDs on their behalf, when the only
      thing that they think they're signing is the one presented to them.

      I actually consider this behavior a pretty nasty bug, because enigmail
      is doing something with the user's secret key material that the user is
      actually completely unaware of.

        --dkg
  • Patrick Brunschwig

    • status: open --> fixed
    • Fixed in version: --- --> 1.9.0
  • Patrick Brunschwig

    Implemented on master - we now display all UIDs (but not the UATs).

  • Daniel Kahn Gillmor

    I don't think this is fixed yet -- just displaying all the user IDs doesn't allow the user to select which ones they have verified.

    Consider 0xA405E58AB3725B396EDB85C1318EFAC5FBBDBCE -- someone who has verified "Ximin Luo" may not have verified "Satoshi Nakamoto" (or vice versa) -- they ought to be able to certify only the ones they've verified.
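The concern raised in the ticket and in this comment is that a blanket `--sign-key` certifies every user ID on the key, including ones the signer never verified. The following added example (not Enigmail code and not part of this thread) parses a constructed `gpg --list-sigs --with-colons` listing and reports which user IDs carry a given certifier's signature, so a signer can audit what their certification actually covers; key IDs, hashes and timestamps in the sample are made up, and only the UID names come from the discussion.

```python
from typing import Dict, List, Set

# Constructed sample of `gpg --list-sigs --with-colons` output (not from the ticket):
# a target key with two user IDs, both carrying a certification from the made-up
# key FEDCBA9876543210. Field layout follows GnuPG's doc/DETAILS: field 1 record
# type, field 5 key ID, field 10 user ID (uid) or signer name (sig), field 11
# signature class ("10".."13" = user-ID certification, trailing 'x' = exportable).
SAMPLE_LISTING = """\
pub:u:4096:1:0123456789ABCDEF:1420070400:::u:::scESC::::::23::0:
uid:u::::1420070400::HASH0000000000000000000000000000000000000001::Ximin Luo <ximin@example.org>::::::::::0:
sig:::1:0123456789ABCDEF:1420070400::::Ximin Luo <ximin@example.org>:13x::FPR:::8:
sig:::1:FEDCBA9876543210:1421884800::::Enigmail User <user@example.net>:10x::FPR:::8:
uid:u::::1420070400::HASH0000000000000000000000000000000000000002::Satoshi Nakamoto <satoshi@example.org>::::::::::0:
sig:::1:0123456789ABCDEF:1420070400::::Ximin Luo <ximin@example.org>:13x::FPR:::8:
sig:::1:FEDCBA9876543210:1421884800::::Enigmail User <user@example.net>:10x::FPR:::8:
sub:u:4096:1:ABCDEF0123456789:1420070400::::::e::::::23:
sig:::1:0123456789ABCDEF:1420070400::::Ximin Luo <ximin@example.org>:18x::FPR:::8:
"""

CERT_CLASSES = {"10", "11", "12", "13"}  # RFC 4880 user-ID certification types


def certifications_by(listing: str, certifier_keyid: str) -> Dict[str, bool]:
    """Map each user ID / user attribute on the key to whether `certifier_keyid` certified it.
    A sig record belongs to the uid/uat record before it; a sub record ends the UID section."""
    result: Dict[str, bool] = {}
    current = None
    uat_count = 0
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "uid":
            current = f[9]
            result[current] = False
        elif f[0] == "uat":  # images have no printable name in the listing
            uat_count += 1
            current = f"[user attribute #{uat_count}]"
            result[current] = False
        elif f[0] in ("sub", "ssb"):
            current = None  # signatures from here on bind subkeys, not user IDs
        elif f[0] == "sig" and current is not None and len(f) > 10:
            if f[10][:2] in CERT_CLASSES and f[4].upper().endswith(certifier_keyid.upper()):
                result[current] = True
    return result


def unverified_certifications(listing: str, certifier_keyid: str, verified: Set[str]) -> List[str]:
    """User IDs carrying our certification that we never verified: the hidden-UID case."""
    certified = certifications_by(listing, certifier_keyid)
    return [uid for uid, signed in certified.items() if signed and uid not in verified]
```

With the real listing (`gpg --list-sigs --with-colons KEYID`), a non-empty result from `unverified_certifications` shows exactly the situation described here: a certification over a UID the signer never checked. GnuPG itself supports per-UID certification through `gpg --edit-key`, selecting a user ID with `uid N` before running `sign`.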

  • Daniel Kahn Gillmor

    • status: fixed --> open
    • Fixed in version: 1.9.0 --> ---
  • Patrick Brunschwig

    • status: open --> fixed
    • Fixed in version: --- --> 3.0
  • Patrick Brunschwig

    implemented on master
