| Summary: | message decryption on demand via link in the mail (a la html rendering) | ||
|---|---|---|---|
| Product: | [Unmaintained] kmail | Reporter: | Luciano Montanaro <mikelima> |
| Component: | GUI | Assignee: | kdepim bugs <kdepim-bugs> |
| Status: | RESOLVED FIXED | ||
| Severity: | wishlist | CC: | ismail, lathander, nik |
| Priority: | NOR | ||
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Platform: | Compiled Sources | ||
| OS: | Linux | ||
| Latest Commit: | Version Fixed In: | ||
| Sentry Crash Report: | |||
|
Description
Luciano Montanaro
2002-12-12 11:03:24 UTC
This is a wish because the current behaviour is definitely no bug. *** Bug 63792 has been marked as a duplicate of this bug. *** this bug is no wish, it's one of the worst usablity bugs kmail has. It doesn't bother everyone as using encrypted mails isn't that common. But if you use them more often (as everyone should - and as I do :), then this bug is breaking your work flow majorly! Well, I thought the same when I reported it. I have since then promised to myself to look for a solution, but 'I have not found the time' yet. But if nobody else fixes it, I'll try myself. I consider it a wish. I have many emails which are encrypted. Running gpg-agent, I just enter you two passwords at the beginning of a session hitting the first emails and then I use a sensible time to live in the cache setting, deleting gpg-agent when I close the session. Entering the password once every 30 minutes or whatever setting you choose does not seem overly disruptive to the user. sure it's a wish: don't go in the user's way. Subject: Re: Usability: passphrase dialog pops up too early On Monday 22 September 2003 19:47, you wrote: > ------- Additional Comments From bernhard@intevation.de 2003-09-22 19:47 > ------- I consider it a wish. > I have many emails which are encrypted. > > Running gpg-agent, I just enter you two passwords > at the beginning of a session hitting the first emails > and then I use a sensible time to live > in the cache setting, deleting gpg-agent when I close the session. > > Entering the password once every 30 minutes or whatever > setting you choose does not seem overly disruptive to the user. But in this case you are trading your privacy for compfort. I could use a similar setting if I trusted the environment, but the fact that I receive an encrypted mail means I do not trust the environment too much. However, I'd like to hilight the inconsistency of treatment of encrypted mail and html mail. HTML mail is diplayed raw by default, because of privacy concerns, while you propose to display a private mail - it is encrypted, so it IS private - without ever asking? The consitent way of handling this is to show the message raw, and let the user choose if he wants to decrypt the mail or not. I don't completely understand your line of proposed difficulties with the current status. > But in this case you are trading your privacy for compfort. > I could use a similar setting if I trusted the environment, but the fact that > I receive an encrypted mail means I do not trust the environment too much. If you don't trust the environment, you should not read the encrypted emails there. If people can control your kmail while you are sitting in front of your computer, they will be able to read the emails they want to read anyway. They will just do a different crypto operation when you try to decrypt an email. The only case where a long time to life is suboptimal is, when you leave the machine, but in that case you can make your screensaver kill the gpg-agent. I'm not deeply in the HTML debate, but I was under the impression that HTML formatting itself can be malicious, which is not possible with the content of an encrypted email. So it would make sense to treat this differently. Subject: Re: Usability: passphrase dialog pops up too early On Thursday 02 October 2003 12:25, you wrote: > ------- You are receiving this mail because: ------- > You reported the bug, or are watching the reporter. > > http://bugs.kde.org/show_bug.cgi?id=51798 > > > > > ------- Additional Comments From bernhard@intevation.de 2003-10-02 12:25 > ------- I don't completely understand your line of proposed difficulties > with the current status. > > > But in this case you are trading your privacy for compfort. > > I could use a similar setting if I trusted the environment, but the fact > > that I receive an encrypted mail means I do not trust the environment > > too much. > > If you don't trust the environment, you should not read the encrypted > emails there. If people can control your kmail while you are sitting in > front of your computer, they will be able to read the emails they want to > read anyway. They will just do a different crypto operation when you try to > decrypt an email. The only case where a long time to life is suboptimal is, > when you leave the machine, but in that case you can make your screensaver > kill the gpg-agent. > > I'm not deeply in the HTML debate, but I was under the impression > that HTML formatting itself can be malicious, which is not possible > with the content of an encrypted email. So it would make sense to treat > this differently. Leaving this point aside, I still think current behaviour to be an usability bug. Sorry, but it's most definitely not a "critical" bug in the sense of "KDE 3.2 must be delayed if this is not fixed". Given that the release dude feels strongly about it, I've left it at major, but _please_, there are much more important fixes to do, some of which are reproduceable crashes... *** Bug 69177 has been marked as a duplicate of this bug. *** Still happens with current CVS. (I'm adding this note in response to the review request.) Since with the current development version you can navigate across messages without selecting them via alt-left/right and since explicitely selecting a message via click should in our humble opinion prompt for decryption if the passphrase is not in memory and we will not change that anytime soon, I'm downgrading this to a wish for a decrypt on demand link in the mail similar to the html or external references ones. Adjusting the summary accordingly. This is not entirely true: If you select another mail folder, and the first message in that folder happens to hold an encrypted message, you still get the pin entry dialog. Also, when you (re)move a message from a mail folder, the current selection moves to the next message. If that message happens to be an encrypted message, you get the pin entry dialog pop up again. I would be very much in favour of the html-link method proposed above, for as long as no password has been entered (and stored using gpg-agent). As soon as it is, displaying the message directly would be good, IMO. Typing in the passphrase *is* disrupting, especially since a PGP passphrase should be a lot longer and more complex than a normal password. I consider this fixed, as we have the option "Attempt decryption of encrypted messages when viewing" now. If that option is disabled, the mail viewer shows a link to decrypt the message. |