Enigmail / Bugs / #327 Enigmail doesn't take advantage of OpenPGP headers

#327 Enigmail doesn't take advantage of OpenPGP headers

Status: closed

Owner: nobody

Labels: None

Found in Version: 1.7.2

Severity: Enhancement

Thunderbird version:

GnuPG version:

Operating System: All

Fixed in version: ---

Cc: nobody

Updated: 2018-02-11

Created: 2014-09-04

Creator: Philj34

Private: No

Problem: If the sender of a signed and/or encrypted email has not exported his key to a public keyserver, the email signature cannot be verified and a reply can only be sent unencrypted and signed.

Some people as a matter of preference, do not want to put their keys on a public keyserver. Instead they take advantage of an agreed protocol to insert an OpenPGP header on sent emails and this header can contain the key id and a url from where the key can be imported.

At present, enigmail does not draw attention to nor display the OpenPGP header information for incoming emails. Thunderbird does permit by its configuration editor to display the OpenPGP header but this display takes several lines of real estate on the screen unless headers are collapsed (which is the default position for many users).

It would be useful for enigmail to draw attention to the OpenPGP header information in the following cases:

in all cases, an OpenPGP header if existing should form part of the coloured enigmail header (all colours) which is normally collapsed but can be expanded by clicking the + button.
in all cases, the OpenPGP header should be displayed as part of the Details/enigmail security info.
in cases of signed and/or encrypted emails,
IF the key is not found in the Keyring
AND IF the auto-download feature fails to find the key OR is not set in preferences,
then enigmail should display an alert AND attempt to import from the url provided in the OpenPGP header. Failure should provide another alert.

This last step could alternatively be :

then enigmail should display an alert AND offer to attempt to import from the url provided in the OpenPGP header with a cancel option for the user. Failure should provide another alert.

This should not be yet another option for users to set but should apply by default.

Discussion

Olav Seyfarth - 2014-09-04

Severity: Minor --> Enhancement

Thunderbird version: 31.0 -->

GnuPG version: 2.0.26 -->

Operating System: Linux --> All
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Patrick Brunschwig - 2018-02-11

status: open --> closed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Patrick Brunschwig - 2018-02-11

The OpenPGP header is outdated. Instead, Enigmail processes the Autocrypt header.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Olav Seyfarth - 2018-02-11

Thus, should the OpenPGP header be remove from Enigmail?
Say, in a year? If so, this bug should stay open.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Patrick Brunschwig - 2018-02-11

I intend to remove it after Enigmail 2.0. But that's would be a new issue.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Enigmail doesn't take advantage of OpenPGP headers

OpenPGP addon for Mozilla Thunderbird

Searches

Help

#327 Enigmail doesn't take advantage of OpenPGP headers

Discussion