When composing a message, the user needs to be in control of the following attributes

• type of email security, s/mime or openpgp
• digitally sign, or don't sign
• encrypt or don't encrypt the message body
• also encrypt the message subject?
• which public keys of other people are used when encrypting
• for which recipients a key is unavailable, is available (and what's the trust status), or have uncertainty/ambiguity

Potentially the UI elements used to control the above could be shown in a way that is consistent with the display for received message, as also explained in bug 1595227.

The user should be made aware of the following

• overall information if encryption with either s/mime or openpgp is possible (automatically computed based on availability of keys)
• if it is a reply to an encrypted message, or if it is forwarding an encrypted message

An overall hint, based on default settings.

If the user isn't yet set up to use openpgp or s/mime, the configuration area in the header could be used to encourage the user to do so (the details should probably be tracked in bug 1595234).

The composer window has a toplevel menu item "view / message security info". It seems useful to keep this, for any information that we cannot present the user in the always-visible UI space.

Today, it's only used for S/MIME. It should be changed to cover relevant OpenPGP information, for such messages.

There's already two toplevel menu items "options / encrypt" and "options / sign", which is only used for S/MIME.

In addition, Enigmail introduces its own top level menu item, and offers two equivalent settings. Obviously, we should have only one set of those options.

In the composer window, the user controllable settings that I mentioned in the previous comment, should be configurable using both graphical elements, and for accessibility, also by using menu items. We have to decide where those should live, either inside the Options dropdown menu, or by introducing a new toplevel menu item e.g. named "security".

Let's see which items the Enigmail menu offers (in addition to the above):

• type of encryption: s/mime, openpgp mime, openpgp inline. Yes, we need that (at least offering the first two).
• encrypt/protect subject: yes
• trust keys: we'll probably want to implement that differently, but we'll need some sort of managing for the correspondent's keys that should be used
• attach public keys: yes
• key management: maybe move to tools menu for consistency with main window (message reader)
• clear passphrase / per recipient rules / about / help: drop

Our work on bug 1627956 will solve this.