*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Jamie Strandboge
(jdstrand):
Compose a message
do: Attach > Attach My Public Key
then the key is attached (good), but after 2-3 seconds suddenly a small
window appears:
no title
with message "Expoering key..."
and Cancel button
This has at least 3 WTFs imho:
1. this is confusing for user that this happens out of the blue
2. the window has no title and enigma description. What is being exporter, to
where, and why?
I *guess* it is trying to export the public key as well to public key server?
3. if so, then why it is exporting my public key without my confirmation? even
for public key this can be some security risk - or rather a privacy breach at
least - what if user do not want to put this key to public database (in example
to hide this email address from general public etc)
Solution:
please instead make a dialog box like for example:
Title: Public Key 0xABCD1234 <[EMAIL PROTECTED]> (Foo Bar) Auto-Export
Message:
In addition to attaching the key to this private email message,
would you also want to export your public key 0xABCDEF1234 <[EMAIL PROTECTED]>
(Foo Bar) to a public key server?
If you choose YES then anyone can easier download your key for more automatic
verification.
Do this only if you are sure that this key is generated correctly (you remember
the passphrase pasword).
Buttons:
Yes - this is my official public key, export to server
No - just attach to private email
Cancel
Cancel button will work as No, it will be for users confused by above
message box and will just do what they clicked "Attach My Public Key"
** Affects: kdepim (Ubuntu)
Importance: Undecided
Status: New
--
[kmail 4.1.2-0ubuntu2] shows "Exporting key..." window on Attach My Public Key
https://bugs.launchpad.net/bugs/299978
You received this bug notification because you are a member of Ubuntu Bugs,
which is a direct subscriber.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
