Open vitgum opened 4 years ago
You can't turn off Autocrypt in K-9 Mail 5.6+ (short of disabling encryption for the account).
A communication partner changing their key is not an error in Autocrypt. It is something that is expected to happen in practice. Right now we don't support manually verifying keys to set an extended trust level. There's not really a point in warning that a key that has been trusted automatically the first time has now changed.
Thanks for your reply. Why can't I turn off autocrypt and fall back to regular behaviour with signature checking?
July 8, 2020 4:41:52 PM UTC, cketti notifications@github.com wrote:
You can't turn off Autocrypt in K-9 Mail 5.6+ (short of disabling encryption for the account).
A communication partner changing their key is not an error in Autocrypt. It is something that is expected to happen in practice. Right now we don't support manually verifying keys to set an extended trust level. There's not really a point in warning that a key that has been trusted automatically the first time has now changed.
-- You are receiving this because you authored the thread. Reply to this email directly or view it on GitHub: https://github.com/k9mail/k-9/issues/4870#issuecomment-655630732
This is a complicated topic. As cketti mentioned, before changing trusted keys can be considered, we need to have a useful model of verification first.
The problem this comes down to is that the concept of "verifying keys" we implemented in OpenKeychain doesn't really make much sense - a key can only be verified in the context of a given communication peer (i.e. email address). And OpenKeychain on its own doesn't have that context.
I believe the right way to do this would be to allow verification of email/key bindings in K-9 Mail, and indicate an error state for emails where this doesn't match with an option to update the binding. Daniel Gultsch described this as blind trust before verification.
Alas, this is a big task, and there is currently no one to put in the work.
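A minimal model of the email/key binding check proposed in the comment above, as an added example that is not K-9 Mail or OpenKeychain code. The class, result names and fingerprints are hypothetical, and the policy that only an unverified binding follows a new key automatically is an assumption about how "blind trust before verification" would apply here.

```python
from dataclasses import dataclass
from enum import Enum

class Result(Enum):
    FIRST_SEEN = "first key for this address, blindly trusted"
    MATCH = "key matches the stored binding"
    ROLLED_OVER = "unverified binding replaced by a new key"
    MISMATCH = "key differs from a verified binding"

@dataclass
class Binding:
    fingerprint: str
    verified: bool = False

class BindingStore:
    """Hypothetical per-address key bindings (not a K-9 Mail or OpenKeychain API)."""

    def __init__(self):
        self._bindings = {}

    @staticmethod
    def _key(email):
        # Simplification: the whole address is compared case-insensitively.
        return email.strip().lower()

    def observe(self, email, fingerprint):
        """Classify the signing key of an incoming message from `email`."""
        key = self._key(email)
        current = self._bindings.get(key)
        if current is None:
            self._bindings[key] = Binding(fingerprint)
            return Result.FIRST_SEEN
        if current.fingerprint == fingerprint:
            return Result.MATCH
        if current.verified:
            # Error state: the verified binding stays until the user decides.
            return Result.MISMATCH
        # Assumed policy: an unverified binding follows the newest key.
        self._bindings[key] = Binding(fingerprint)
        return Result.ROLLED_OVER

    def verify(self, email, fingerprint):
        """User confirmed the fingerprint out of band; also used to update a binding."""
        self._bindings[self._key(email)] = Binding(fingerprint, verified=True)

    def is_verified(self, email):
        binding = self._bindings.get(self._key(email))
        return binding is not None and binding.verified
```

A client would show a notice for `ROLLED_OVER` and an error with an "update binding" action for `MISMATCH`; the latter leaves the stored binding untouched until `verify` is called with the new fingerprint.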
Hello Vincent,
Thanks for your explanation. The current implementation in K9 is logically equivalent to the absence of a signature at all. So I agree with you that mail clients should somehow inform the user of the wrong / new key used for the signature.
Anyway, you guys are doing a great job popularizing mail encryption with K9/autocrypt. Thank you!
Jul 11, 2020 19:57:01 Vincent Breitmoser notifications@github.com:
This is a complicated topic. As cketti mentioned, before changing trusted keys can be considered, we need to have a useful model of verification first.
The problem this comes down to is that the concept of "verifying keys" we implemented in OpenKeychain doesn't really make much sense - a key can only be verified in the context of a given communication peer (i.e. email address). And OpenKeychain on its own doesn't have that context.
I believe the right way to do this would be to allow verification of email/key bindings in K-9 Mail, and indicate an error state for emails where this doesn't match with an option to update the binding. Daniel Gultsch described this as blind trust before verification (https://gultsch.de/trust.html).
Alas, this is a big task, and there is currently no one to put in the work.
Expected behavior
If the counterparty has changed his/her GPG key, this should somehow be shown to the user.
1) if Autocrypt mode is ON then the email message display should contain something like "Key has been changed" and K9 should put the new key into Open Keychain automatically
2) if Autocrypt mode is OFF then the email message display should contain something like "Key has been changed" and K9 should propose to update the key for this counterparty in Open Keychain manually
Actual behavior
In both cases (Autocrypt ON and OFF) K9 does not display any warnings regarding the change of the key and the new key is being added into the Open Keychain
Steps to reproduce
Environment
K-9 Mail version: 5.717
Android version: 9
Account type (IMAP, POP3, WebDAV/Exchange): IMAP