Do not reset peerstate if the message is encrypted and signed with the current autocrypt key #3844
Comments
I believe we should keep the Autocrypt (or encryption) state even if a message is just signed. In the scope of #3778 the encryption is enabled right upon on a receipt of message with a key attachment because in absence of capability of smth like "prefer-encrypt" attribute that's the best we can do (btw, it's worth checking that the message is signed with the attached key). So, i suggest keeping this logic for further communication. Moreover, consider the following scenario:
Obviously, we shouldn't reset the encryption state if this happens. |
|
Makes sense, also in groups when the user does not have keys of all recipients and can't encrypt because of this, the signature may be an indicator that the user wants to use OpenPGP nevertheless. Whether the message is encrypted or not does not matter then, we can always use the signature as a signal that user has the key and therefore will be able to decrypt our reply.
True, maybe then #3778 logic can be merged with this one so that an attached key is stored as a key with |
…ted or signed with the current autocrypt key (#3844) Note that if the message is encrypted, we don't check whether it's signed with an attached key currently, otherwise a massive refactoring of the code is needed because for encrypted messages a signature is checked and discarded first now.
…ted or signed with the current autocrypt key (#3844) Note that if the message is encrypted, we don't check whether it's signed with an attached key currently, otherwise a massive refactoring of the code is needed because for encrypted messages a signature is checked and discarded first now.
…ted or signed with the current autocrypt key (#3844) Note that if the message is encrypted, we don't check whether it's signed with an attached key currently, otherwise a massive refactoring of the code is needed because for encrypted messages a signature is checked and discarded first now.
…ted or signed with the current autocrypt key (#3844) Note that if the message is encrypted, we don't check whether it's signed with an attached key currently, otherwise a massive refactoring of the code is needed because for encrypted messages a signature is checked and discarded first now.
…ted or signed with the current autocrypt key (#3844) Note that if the message is encrypted, we don't check whether it's signed with an attached key currently, otherwise a massive refactoring of the code is needed because for encrypted messages a signature is checked and discarded first now.
…ted or signed with the current autocrypt key (#3844) Note that if the message is encrypted, we don't check whether it's signed with an attached key currently, otherwise a massive refactoring of the code is needed because for encrypted messages a signature is checked and discarded first now.
…ted or signed with the current autocrypt key (#3844) Note that if the message is encrypted, we don't check whether it's signed with an attached key currently, otherwise a massive refactoring of the code is needed because for encrypted messages a signature is checked and discarded first now.
…with the known key (#3844) Note that if the message is encrypted, we don't check whether it's signed with an attached key currently, otherwise a massive refactoring of the code is needed because for encrypted messages a signature is checked and discarded first now.
…with the known key (#3844) Note that if the message is encrypted, we don't check whether it's signed with an attached key currently, otherwise a massive refactoring of the code is needed because for encrypted messages a signature is checked and discarded first now.
…with the known key (#3844) Note that if the message is encrypted, we don't check whether it's signed with an attached key currently, otherwise a massive refactoring of the code is needed because for encrypted messages a signature is checked and discarded first now.
|
Done, but note that if the message is encrypted, we don't check whether it's signed with an attached key |
…ted (#3844) This way we don't need a separate code path for signatures validation for unencrypted messages. Also, now we degrade encryption only if there are no valid signatures, so the code for upgrading encryption back isn't needed.
…ted (#3844) This way we don't need a separate code path for signatures validation for unencrypted messages. Also, now we degrade encryption only if there are no valid signatures, so the code for upgrading encryption back isn't needed.
…ted (#3844) This way we don't need a separate code path for signatures validation for unencrypted messages. Also, now we degrade encryption only if there are no valid signatures, so the code for upgrading encryption back isn't needed.
…ted (#3844) This way we don't need a separate code path for signatures validation for unencrypted messages. Also, now we degrade encryption only if there are no valid signatures, so the code for upgrading encryption back isn't needed.
Uh oh!
There was an error while loading. Please reload this page.
#3778 allows to establish encrypted chat with Thunderbird by sending a message with an attached key from Thunderbird to Delta Chat. But if Thunderbird user then sends an encrypted and signed message without the attached key, Delta Chat will reset Autocrypt peerstate and send the next message unencrypted.
The proposal is to keep Autocrypt state if the message is Autocrypt-encrypted.
This requires changing mimeparser to postpone updating the peerstate until the message is decrypted, because currently we reset the peerstate immediately when we see that there is no Autocrypt header.
cc @iequidoo @hpk42 @missytake
The text was updated successfully, but these errors were encountered: