Project

General

Profile

Feature #9800

Only allow OpenPGP keys that match the provided email in WhisperBack

Added by BitingBird over 4 years ago. Updated 8 months ago.

Status:
Confirmed
Priority:
Low
Assignee:
-
Category:
-
Target version:
-
Start date:
07/24/2015
Due date:
% Done:

0%

Feature Branch:
Type of work:
User interface design
Starter:
Yes
Affected tool:
WhisperBack

Description

  • Only allow GPG keys that match the provided email, because Schleuder doesn't allow to write encrypted emails to an address with a different key.
  • Force user to provide armored public GPG key instead of just key ID (the keys are sometimes hard or impossible to fetch on the keyservers, and sometimes two keys share the same ID).

Those improvements would greatly simplify Frontdesk work.

Team: alan (code), sajolida (ux), emmapeel (?)


Related issues

Related to Tails - Bug #11200: More feedback when adding OpenPGP key to WhisperBack report Confirmed 03/08/2016
Related to Tails - Feature #12254: Explicit the need of armored (instead of binary) key in WhisperBack Confirmed 02/19/2017

History

#1 Updated by BitingBird over 4 years ago

  • Description updated (diff)

#2 Updated by sajolida over 4 years ago

  • Assignee set to sajolida
  • Priority changed from Elevated to Normal
  • Type of work changed from Code to User interface design

I'll work on this with Alan in 2016.

Next step is to propose a wireframe and interactions for that.

#3 Updated by intrigeri over 4 years ago

  • Subject changed from Add some GPG checks to Whisperback to Add some OpenPGP key checks to WhisperBack

#4 Updated by intrigeri over 4 years ago

  • Force user to provide armored public GPG key instead of just key ID (the keys are sometimes hard or impossible to fetch on the keyservers).

This feels like it might be a burden for those who are regularly reporting bugs and/or know their key is on the keyservers. Has it been considered to instead check for the key's availability on keyservers, when a key ID is provided by the user, before it's considered to be valid?

#5 Updated by sajolida over 4 years ago

That's a valid idea as well, thanks. I think this feature hasn't been careful design yet, so any input is welcome.

#6 Updated by BitingBird over 4 years ago

If we already have their key, they don't need to provide one at all.

#7 Updated by sajolida over 4 years ago

  • Description updated (diff)
  • Target version set to 2016

#8 Updated by sajolida over 4 years ago

  • Tracker changed from Bug to Feature
  • Description updated (diff)

#9 Updated by sajolida over 4 years ago

  • Description updated (diff)

#10 Updated by sajolida about 4 years ago

  • Description updated (diff)

#11 Updated by alant about 4 years ago

Proposal: when someons clicks "Add optional OpenPGP key":

- search the keyring for keys that corresponds to the provided email address and propose it. If there are several, let the user choose one, else, just ask for confirmation;
- if it fails, propose the user to search the key in the keyservers. If there are multiple matches, let the user choose one, else, just ask for confirmation;
- if it fails or the user discards the proposal, let the user enter an armored key block.

Then, read the key with a OpenPGP library, and verify it matches the email address.

#12 Updated by intrigeri about 4 years ago

  • Status changed from Confirmed to In Progress

#13 Updated by sajolida over 3 years ago

  • Related to Bug #11200: More feedback when adding OpenPGP key to WhisperBack report added

#14 Updated by sajolida over 3 years ago

  • Feature Branch set to https://tails.boum.orgblueprint/whisperback_for_frontdesk/

#15 Updated by intrigeri over 3 years ago

  • Blueprint set to https://tails.boum.org/blueprint/whisperback_for_frontdesk/

#16 Updated by intrigeri over 3 years ago

  • Feature Branch deleted (https://tails.boum.orgblueprint/whisperback_for_frontdesk/)

#17 Updated by Dr_Whax about 3 years ago

  • Description updated (diff)

#18 Updated by intrigeri about 3 years ago

  • Target version changed from 2016 to 2017

#19 Updated by BitingBird about 2 years ago

  • Target version deleted (2017)

removed from roadmap

#20 Updated by sajolida over 1 year ago

  • Assignee deleted (sajolida)
  • Priority changed from Normal to Low
  • Starter set to Yes

We have no plans of implementing this any time soon, so I'll remove it from my plate.

#21 Updated by u about 1 year ago

  • Related to Feature #12254: Explicit the need of armored (instead of binary) key in WhisperBack added

#22 Updated by u about 1 year ago

  • Subject changed from Add some OpenPGP key checks to WhisperBack to Only allow GPG keys that match the provided email in WhisperBack

BitingBird wrote:

  • Only allow GPG keys that match the provided email, because Schleuder doesn't allow to write encrypted emails to an address with a different key.

I'm rephrasing the ticket title accordingly.

  • Force user to provide armored public GPG key instead of just key ID (the keys are sometimes hard or impossible to fetch on the keyservers, and sometimes two keys share the same ID).

This is tackled in #12254.

#24 Updated by intrigeri 8 months ago

  • Subject changed from Only allow GPG keys that match the provided email in WhisperBack to Only allow OpenPGP keys that match the provided email in WhisperBack
  • Status changed from In Progress to Confirmed

Also available in: Atom PDF