How is Thunderbird signing my emails?
George Mitchell
george+freebsd at m5p.com
Thu Nov 19 19:22:21 UTC 2020
On 11/19/20 12:15 PM, Daniel Ebdrup Jensen wrote:
> On Thu, Nov 19, 2020 at 04:05:40PM +0400, Antranig Vartanian wrote:
>> I’m wondering if there are any alternative clients that Just Works
and uses GnuPG keyring?
>>
>> Thanks in advance.
>>
>> Sent from my iPhone
>>
>>> On 19 Nov 2020, at 3:02 PM, Lev Serebryakov <lev at freebsd.org> wrote:
>>>
>>> On 19.11.2020 5:52, George Mitchell wrote:
>>>
>>>> The Thunderbird people have integrated the functionality of Enigmail
>>>> into Thunderbird itself. In the abstract, this sounds like a great
>>>> idea, because I believe that the more people use PGP signatures and
>>>> encryption, the better. But the concrete reality of the
implementation
>>>> puzzles me in a couple of respects:
>>> Concrete reality of the implementation is awful. It is not
replacement for Enigmail :-(
>>>
>>>> a. It's now inclined to attach my public key to every message I send,
>>>> unless I tell it it not to do that on a message-by-message basis
(under
>>>> the "Security" menu in the message composition dialog). I can't find
>>>> where I can globally disable this.
>>> See https://bugzilla.mozilla.org/show_bug.cgi?id=1654950 - new
releases will have hidden setting for it.
>>>
>>>> b. More alarmingly, when it appends my PGP signature to my outgoing
>>>> messages, it is able to unlock my private key without asking for the
>>>> passphrase. How is it doing this??
>>> New Thunderbird doesn't use GPG keyring, it imports all keys into
its own database (also it doesn't use Web Of Trust!). Private keys are
protected only by global profile password (did you have this one set?
I'm in doubt, it is rarely-used feature). So, if you account is without
global password, you imported private keys are not protected at all.
Good luck with that :-(
>>>
>>> --
>>> // Lev Serebryakov
>>> _______________________________________________
>>> freebsd-hackers at freebsd.org mailing list
>>> https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
>>> To unsubscribe, send any mail to
"freebsd-hackers-unsubscribe at freebsd.org"
>> _______________________________________________
>> freebsd-hackers at freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
>> To unsubscribe, send any mail to
"freebsd-hackers-unsubscribe at freebsd.org"
>
> Hi folks,
>
> NeoMutt and GnuPG works well together, and NeoMutt can even render
html email by using w3m as a pager for the by setting 'auto_view
text/html' and putting the following into ~/.mailcap:
> text/html; w3m -T text/html %s; nametemplate=%s.html; copiousoutput
>
> I've been using it on my FreeBSD laptop for both mailing lists,
FreeBSD development, and as a daily driver.
>
> Also, please think of this as a little reminder not to top-post on
mailing lists. :)
>
> Yours respectfully,
> Daniel Ebdrup Jensen
Thanks to all for the information. I've been pondering Signal for a
while now (thanks to RW for the blog post about avoiding encrypted
email altogether). -- George
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20201119/a8fe36c5/attachment.sig>
More information about the freebsd-hackers
mailing list