Bug 51798 - message decryption on demand via link in the mail (a la html rendering)
Summary: message decryption on demand via link in the mail (a la html rendering)
Status: RESOLVED FIXED
Alias: None
Product: kmail
Classification: Unmaintained
Component: GUI (show other bugs)
Version: unspecified
Platform: Compiled Sources Linux
: NOR wishlist
Target Milestone: ---
Assignee: kdepim bugs
URL:
Keywords:
: 63792 69177 (view as bug list)
Depends on:
Blocks:
 
Reported: 2002-12-12 11:03 UTC by Luciano Montanaro
Modified: 2009-08-20 00:47 UTC (History)
3 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Luciano Montanaro 2002-12-12 11:03:24 UTC
Version:           sconosciuto (using KDE 3.0.8 (KDE 3.1 beta2))
Installed from:    compiled sources
Compiler:          gcc version 2.95.3 20010315 (SuSE)
OS:          Linux (i686) release 2.4.18

Clicking on an encrypted message brings up a passphrase dialog.
This is annoying when browsing the mail folder, since it requires you to insert the password or cancel it.
I think a better solution would be to handle the message as HTML messages are handled now:
display the message raw, and insert in the header a button to dcrypt the message, together with a descriptive
text as:

Note: This is an encrypted message. You can decrypt it by clicking here.
Comment 1 Carsten Burghardt 2002-12-12 19:53:48 UTC
This is a wish because the current behaviour is definitely no bug. 
Comment 2 Stephan Kulow 2003-09-19 09:38:28 UTC
*** Bug 63792 has been marked as a duplicate of this bug. ***
Comment 3 Stephan Kulow 2003-09-19 09:39:53 UTC
this bug is no wish, it's one of the worst usablity bugs kmail has. It doesn't bother everyone 
as using encrypted mails isn't that common. But if you use them more often (as everyone 
should - and as I do :), then this bug is breaking your work flow majorly! 
Comment 4 Luciano Montanaro 2003-09-19 10:19:28 UTC
Well, I thought the same when I reported it. I have since then promised to myself to look  
for a solution, but 'I have not found the time' yet. But if nobody else fixes it, I'll try myself. 
 
Comment 5 Bernhard E. Reiter 2003-09-22 19:47:43 UTC
I consider it a wish. 
I have many emails which are encrypted. 
 
Running gpg-agent, I just enter you two passwords 
at the beginning of a session hitting the first emails 
 and then I use a sensible time to live 
in the cache setting, deleting gpg-agent when I close the session. 
 
Entering the password once every 30 minutes or whatever 
setting you choose does not seem overly disruptive to the user. 
Comment 6 Stephan Kulow 2003-09-22 21:32:10 UTC
sure it's a wish: don't go in the user's way. 
Comment 7 Luciano Montanaro 2003-09-23 04:39:05 UTC
Subject: Re:  Usability: passphrase dialog pops up too early

On Monday 22 September 2003 19:47, you wrote:

> ------- Additional Comments From bernhard@intevation.de  2003-09-22 19:47
> ------- I consider it a wish.
> I have many emails which are encrypted.
>
> Running gpg-agent, I just enter you two passwords
> at the beginning of a session hitting the first emails
>  and then I use a sensible time to live
> in the cache setting, deleting gpg-agent when I close the session.
>
> Entering the password once every 30 minutes or whatever
> setting you choose does not seem overly disruptive to the user.

But in this case you are trading your privacy for compfort. 
I could use a similar setting if I trusted the environment, but the fact that 
I receive an encrypted mail means I do not trust the environment too much.

However, I'd like to hilight the inconsistency of treatment of encrypted mail 
and html mail. HTML mail is diplayed raw by default, because of privacy 
concerns, while you propose to display a private mail - it is encrypted, so 
it IS private - without ever asking? 

The consitent way of handling this is to show the message raw, and let the 
user choose if he wants to decrypt the mail or not.

 
Comment 8 Bernhard E. Reiter 2003-10-02 12:25:31 UTC
I don't completely understand your line of proposed difficulties 
with the current status. 
 
 > But in this case you are trading your privacy for compfort.  
 > I could use a similar setting if I trusted the environment, but the fact that  
 > I receive an encrypted mail means I do not trust the environment too much.  
  
If you don't trust the environment, you should not read the encrypted emails 
there. If people can control your kmail while you are sitting in front of your 
computer, they will be able to read the emails they want to read anyway. 
They will just do a different crypto operation when you try to decrypt an email. 
The only case where a long time to life is suboptimal is, when you leave 
the machine, but in that case you can make your screensaver kill the gpg-agent. 
 
I'm not deeply in the HTML debate, but I was under the impression 
that HTML formatting itself can be malicious, which is not possible 
with the content of an encrypted email. So it would make sense to treat 
this differently. 
 
 
Comment 9 Luciano Montanaro 2003-10-02 14:00:30 UTC
Subject: Re:  Usability: passphrase dialog pops up too early

On Thursday 02 October 2003 12:25, you wrote:
> ------- You are receiving this mail because: -------
> You reported the bug, or are watching the reporter.
>
> http://bugs.kde.org/show_bug.cgi?id=51798
>
>
>
>
> ------- Additional Comments From bernhard@intevation.de  2003-10-02 12:25
> ------- I don't completely understand your line of proposed difficulties
> with the current status.
>
>  > But in this case you are trading your privacy for compfort.
>  > I could use a similar setting if I trusted the environment, but the fact
>  > that I receive an encrypted mail means I do not trust the environment
>  > too much.
>
> If you don't trust the environment, you should not read the encrypted
> emails there. If people can control your kmail while you are sitting in
> front of your computer, they will be able to read the emails they want to
> read anyway. They will just do a different crypto operation when you try to
> decrypt an email. The only case where a long time to life is suboptimal is,
> when you leave the machine, but in that case you can make your screensaver
> kill the gpg-agent.
>
> I'm not deeply in the HTML debate, but I was under the impression
> that HTML formatting itself can be malicious, which is not possible
> with the content of an encrypted email. So it would make sense to treat
> this differently.

Leaving this point aside, I still think current behaviour to be an usability 
bug.



Comment 10 Marc Mutz 2003-10-02 23:48:12 UTC
Sorry, but it's most definitely not a "critical" bug in the sense of "KDE 3.2 must be delayed if this 
is not fixed". Given that the release dude feels strongly about it, I've left it at major, but _please_, 
there are much more important fixes to do, some of which are reproduceable crashes... 
Comment 11 Stephan Kulow 2003-11-28 10:05:35 UTC
*** Bug 69177 has been marked as a duplicate of this bug. ***
Comment 12 Luciano Montanaro 2004-05-11 10:32:31 UTC
Still happens with current CVS. (I'm adding this note in response to the review
request.)
Comment 13 Till Adam 2004-12-28 13:59:55 UTC
Since with the current development version you can navigate across messages without selecting them via alt-left/right and since explicitely selecting a message via click should in our humble opinion prompt for decryption if the passphrase is not in memory and we will not change that anytime soon, I'm downgrading this to a wish for a decrypt on demand link in the mail similar to the html or external references ones. Adjusting the summary accordingly.
Comment 14 A T Somers 2005-01-31 11:15:33 UTC
This is not entirely true: If you select another mail folder, and the first message in that folder happens to hold an encrypted message, you still get the pin entry dialog. Also, when you (re)move a message from a mail folder, the current selection moves to the next message. If that message happens to be an encrypted message, you get the pin entry dialog pop up again.
I would be very much in favour of the html-link method proposed above, for as long as no password has been entered (and stored using gpg-agent). As soon as it is, displaying the message directly would be good, IMO. Typing in the passphrase *is* disrupting, especially since a PGP passphrase should be a lot longer and more complex than a normal password.
Comment 15 Thomas McGuire 2009-08-20 00:47:47 UTC
I consider this fixed, as we have the option "Attempt decryption of encrypted messages when viewing" now.
If that option is disabled, the mail viewer shows a link to decrypt the message.