Hi all--

Today i have done several trial run-throughs, thunderbird 1:52.6.0-1+b1
+ enigmail 2:2.0~beta2-1 on debian testing/unstable.  I have a few
observations and recommendations about the setup wizard.

I chose the "standard configuration (recommended for beginners)".  all
the recommendations below are only for people using the wizard in
"standard mode".


 * New key creation password requirement.  Currently the wizard requires
   that the user enter a password of at least 8 characters.  It's not
   clear that treating this as a hard requirement is a good idea.
   Having the "password strength" meter gives the user some sense of how
   good their password is.  But perhaps we can let users make their own
   decisions about when their password is chosen.  There are legitimate
   "opportunistic" e-mail encryption approachs that discourage the use
   of passwords entirely.

   Recommendation: remove the hard requirement of 8 chars minimum.

 * The "create key" part of the dialog box has scrollbars, which makes
   it pretty awkward to use:

   Recommendation: resize the dialog box to not need the scrollbars

 * The text in the "create key" dialog box is quite a lot.  It's much
   more than any beginner who chose a standard configuration will
   probably read.

   Recommendation: Remove all of the current text.  Under the
   "Account/User ID" dropdown box, include something like this:

       Enigmail lets you send and receive end-to-end encrypted messages
       with this e-mail account.  Only this Enigmail profile will be
       able to read these encrypted messages.

       To protect these messages further, you can lock them with a
       password below.  All encrypted messages will be unreadable
       without the password.

   Optionally, we could hide the entire password-setting UI inside a
   collapsible frame labeled "Set end-to-end password"

   The text about umlauts and character classes should be shown only
   when the user enters a password that has the properties that it is
   warning about. (e.g. maybe the field that currently shows "passphrase
   should contain at least 8 characters")

 * The circled red+white X that shows when one of the password fields is
   bad is weirdly stretched.

   Recommendation: fix the aspect ratio of the image :)

 * The "passphrase should contain at least 8 characters" warning appears
   only after the user's focus *leaves* the password field, which is

   Recommendation: that warning box should be dynamically updated as the
   user types.

 * "Revocation Certificate Creation" -- it's awesome that enigmail
   encourages good key management practices, for those people who want
   to explicitly mangae their keys, but it's really frustrating for a
   "standard" configuration to not be able to proceed until a revocation
   certificate is generated.

   Recommendation: make "Create a revocation certificate" an optional
   button available during an earlier phase of the dialog box (maybe
   next to the "Set end-to-end password" collapsible choice recommended
   above?).  This would allow the user to choose a location for the
   revocation cert early in the process if they want it.  Do not force
   the user to generate a revocation certificate (modern versions of
   GnuPG auto-generate a revocation certificate anyway).

 * When i click the "Create Revocation Certificate" button, i get a
   popup dialog box saying "The revocation certificate could not be
   created", with a "close" button.  When i click "close", it takes me
   to a file chooser.  Then i choose a file, and it shows me the same
   "revocation certificate could not be created" dialog box.  I can
   cycle between these things indefinitely.

   When i finally tire of this, the only option left to me is to cancel
   the wizard.  It prompts me with something like "are you sure you want
   to cancel the wizard?" with choices of "close" or "continue".  I feel
   bad because i do want to continue, but i choose "close".   Then, when
   i go back into the Setup Wizard via the Enigmail submenu, it just
   asks me to choose a key (my now-existent key is present, so i choose
   it), and then it tells me i'm done (without offering to create a
   revocation certificate).

   Recommendation: for those people who want to save a revocation
   certificate, make sure that the file save actually works. Looking in
   the debug log, i don't see any problem with revocation cert
   generation on the GnuPG side, and i don't see anything else in the
   enigmail logs after revocation to indicate why things are failing:

2018-03-07 19:07:52.001 [CONSOLE] enigmail> /usr/bin/gpg --charset utf-8 
--display-charset utf-8 --no-auto-check-trustdb --no-tty --status-fd 1 
--logger-fd 1 --command-fd 0 -a -o /home/tester/xx.asc --gen-revoke 
2018-03-07 19:07:52.033 [DEBUG] keyEdit.jsm: GpgEditorInterface.processLine: 
'[GNUPG:] KEY_CONSIDERED 32D8967BEF29B980029E5E29F730CBF596C0AFB4 0'
2018-03-07 19:07:52.033 [DEBUG] keyEdit.jsm: GpgEditorInterface.processLine: 
'[GNUPG:] GET_BOOL gen_revoke.okay'
2018-03-07 19:07:52.034 [DEBUG] keyEdit.jsm: GpgEditorInterface.writeLine: 'Y'
2018-03-07 19:07:52.036 [DEBUG] keyEdit.jsm: GpgEditorInterface.processLine: 
2018-03-07 19:07:52.036 [DEBUG] keyEdit.jsm: GpgEditorInterface.processLine: 
'[GNUPG:] GET_LINE ask_revocation_reason.code'
2018-03-07 19:07:52.036 [DEBUG] keyEdit.jsm: GpgEditorInterface.writeLine: '1'
2018-03-07 19:07:52.038 [DEBUG] keyEdit.jsm: GpgEditorInterface.processLine: 
2018-03-07 19:07:52.038 [DEBUG] keyEdit.jsm: GpgEditorInterface.processLine: 
'[GNUPG:] GET_LINE ask_revocation_reason.text'
2018-03-07 19:07:52.038 [DEBUG] keyEdit.jsm: GpgEditorInterface.writeLine: ''
2018-03-07 19:07:52.040 [DEBUG] keyEdit.jsm: GpgEditorInterface.processLine: 
2018-03-07 19:07:52.040 [DEBUG] keyEdit.jsm: GpgEditorInterface.processLine: 
'[GNUPG:] GET_BOOL ask_revocation_reason.okay'
2018-03-07 19:07:52.041 [DEBUG] keyEdit.jsm: GpgEditorInterface.writeLine: 'Y'
2018-03-07 19:07:52.043 [DEBUG] keyEdit.jsm: GpgEditorInterface.processLine: 
2018-03-07 19:07:52.119 [DEBUG] keyEdit.jsm: GpgEditorInterface.processLine: 
'[GNUPG:] PINENTRY_LAUNCHED 29499 gnome3:curses 1.1.0 - - localhost:10.0'
2018-03-07 19:07:52.123 [DEBUG] keyRing.jsm: updateKeys(0xF730CBF596C0AFB4)
2018-03-07 19:07:52.123 [DEBUG] keyRing.jsm: 
2018-03-07 19:07:52.123 [DEBUG] keyRing.jsm: getKeyById: 0xF730CBF596C0AFB4
2018-03-07 19:07:52.123 [DEBUG] keyRing.jsm: loadKeyList( null)
2018-03-07 19:07:52.123 [DEBUG] keyRing.jsm: obtainKeyList
2018-03-07 19:07:52.124 execution.jsm: execStart: command = /usr/bin/gpg 
--charset utf-8 --display-charset utf-8 --no-auto-check-trustdb --batch 
--no-tty --status-fd 2 --with-fingerprint --fixed-list-mode --with-colons 
--list-keys, needPassphrase=false, domWindow=null, listener=[object Object]
2018-03-07 19:07:52.124 [CONSOLE] enigmail> /usr/bin/gpg --charset utf-8 
--display-charset utf-8 --no-auto-check-trustdb --batch --no-tty --status-fd 2 
--with-fingerprint --fixed-list-mode --with-colons --list-keys
2018-03-07 19:07:52.126 [DEBUG]   enigmail> DONE
2018-03-07 19:07:52.146 [DEBUG] keyRing.jsm: loadKeyList: got pubkey lines: 7
2018-03-07 19:07:52.146 [DEBUG] keyRing.jsm: obtainKeyList
2018-03-07 19:07:52.146 execution.jsm: execStart: command = /usr/bin/gpg 
--charset utf-8 --display-charset utf-8 --no-auto-check-trustdb --batch 
--no-tty --status-fd 2 --with-fingerprint --fixed-list-mode --with-colons 
--list-secret-keys, needPassphrase=false, domWindow=null, listener=[object 
2018-03-07 19:07:52.147 [CONSOLE] enigmail> /usr/bin/gpg --charset utf-8 
--display-charset utf-8 --no-auto-check-trustdb --batch --no-tty --status-fd 2 
--with-fingerprint --fixed-list-mode --with-colons --list-secret-keys
2018-03-07 19:07:52.149 [DEBUG]   enigmail> DONE
2018-03-07 19:07:52.161 [DEBUG] keyRing.jsm: loadKeyList: got seckey lines: 8
2018-03-07 19:07:52.161 [DEBUG] keyRing.jsm: createAndSortKeyList()
2018-03-07 19:07:52.170 [DEBUG] keyRing.jsm: getKeyById: F730CBF596C0AFB4
2018-03-07 19:07:52.171 [DEBUG] enigmailKeyManager.js: buildKeyList
2018-03-07 19:07:52.171 [DEBUG] keyEdit.jsm: GpgEditorInterface.onComplete: 
2018-03-07 19:07:52.171 [DEBUG] keyEdit.jsm: GpgEditorInterface.onComplete: 
returning exitCode 2
2018-03-07 19:07:52.316 [DEBUG] enigmailCommon.jsm: dispatchEvent f=resizeDlg
2018-03-07 19:08:39.911 [DEBUG] enigmailMessengerOverlay.js: 

 * System charset:

   looking at the logs, i see the following:

     2018-03-07 19:18:18.293 [DEBUG] system.jsm: determineSystemCharset: 

   This is just wrong.  Everything about my operating system is
   configured with UTF-8, not iso-8859-1.  I haven't read system.jsm to
   see how it determines this result, but it's 2018.

   Recommendation: enigmail should default to UTF-8 if there is any
   uncertainty about the system charset.

I hope this is useful feedback!


Attachment: signature.asc
Description: PGP signature

enigmail-users mailing list
To unsubscribe or make changes to your subscription click here:

Reply via email to