How is Thunderbird signing my emails?
Antranig Vartanian
antranigv at freebsd.am
Thu Nov 19 12:05:44 UTC 2020
I’m wondering if there are any alternative clients that Just Works and uses GnuPG keyring?
Thanks in advance.
Sent from my iPhone
> On 19 Nov 2020, at 3:02 PM, Lev Serebryakov <lev at freebsd.org> wrote:
>
> On 19.11.2020 5:52, George Mitchell wrote:
>
>> The Thunderbird people have integrated the functionality of Enigmail
>> into Thunderbird itself. In the abstract, this sounds like a great
>> idea, because I believe that the more people use PGP signatures and
>> encryption, the better. But the concrete reality of the implementation
>> puzzles me in a couple of respects:
> Concrete reality of the implementation is awful. It is not replacement for Enigmail :-(
>
>> a. It's now inclined to attach my public key to every message I send,
>> unless I tell it it not to do that on a message-by-message basis (under
>> the "Security" menu in the message composition dialog). I can't find
>> where I can globally disable this.
> See https://bugzilla.mozilla.org/show_bug.cgi?id=1654950 - new releases will have hidden setting for it.
>
>> b. More alarmingly, when it appends my PGP signature to my outgoing
>> messages, it is able to unlock my private key without asking for the
>> passphrase. How is it doing this??
> New Thunderbird doesn't use GPG keyring, it imports all keys into its own database (also it doesn't use Web Of Trust!). Private keys are protected only by global profile password (did you have this one set? I'm in doubt, it is rarely-used feature). So, if you account is without global password, you imported private keys are not protected at all. Good luck with that :-(
>
> --
> // Lev Serebryakov
> _______________________________________________
> freebsd-hackers at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe at freebsd.org"
More information about the freebsd-hackers
mailing list