[Pkg-mozext-maintainers] Bug#773537: enigmail: Confusing UI (potentially dangerous) when temporarily trusting an untrusted key

Andrew Gallagher Andrew.Gallagher at ward.ie
Fri Dec 19 16:19:05 UTC 2014 

Package: enigmail
Version: 2:1.7.2-3
Severity: minor

Dear Maintainer,


When sending an encrypted message to someone whose key is untrusted, if I
forget to check "trust the keys of all recipients" I am prompted with a list of
keys to select from, with the untrusted key not preselected. If I select the
untrusted key from that list and continue, the resulting error message is less
than user friendly:

USERID_HINT D5BF93B014A49700 Andrew Gallagher <andrew.gallagher at ward.ie>
NEED_PASSPHRASE D5BF93B014A49700 D5BF93B014A49700 1 0
GOOD_PASSPHRASE
INV_RECP 10 0xFFFFFFFFFFFFFFFF

Evidently gpg has not accepted the untrusted key for encryption purposes.


Expected behaviour:

1. If I explicitly and manually select an untrusted key in the list dialog box
it should temporarily trust that key.

Otherwise, there should be another method to temporarily trust a particular
key. "trust the keys of all recipients" has persistent state and needs to be
manually unchecked the next time a message is composed, which is potentially
dangerous.

2. The error message should be friendlier, e.g. "Key 0xFFFFFFFFFFFFFFFF is not
trusted".

Andrew.



-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages enigmail depends on:
ii  gnupg    1.4.18-6
ii  icedove  31.3.0-1
ii  libc6    2.19-13

Versions of packages enigmail recommends:
ii  gnupg-agent  2.0.26-3

enigmail suggests no packages.

-- no debconf information

The information in this email and any attachments contain confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail, the attachments or any part thereof. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. Unless expressly stated, this email is not intended to create any contractual relationship. If this email is not sent in the course of the senders employment or fulfilment of his/her duties to Ward Solutions, Ward Solutions accepts no liability whatsoever for the content of this message or any attachment(s). Ward Solutions Ltd. Registered in Republic of Ireland at 2054 Castle Drive, CityWest Business Campus, Dublin 24 Reg. No. 316165.

More information about the Pkg-mozext-maintainers mailing list