Docs central, with 'Email Self-Defence'

John Clizbe John at
Mon Jun 16 00:17:56 CEST 2014

Kristy Chambers wrote:
> Although some people would probably deny, that it's not the job
> to provide a good tutorial about using gpg for e-mail-security
> with some other gpg-related software like Enigmail+Thunderbird, I would
> really appreciate it. Bad tutorials on the web reaffirm my thoughts on
> that. Actually I think it would be really cool, if there are official
> statements/comments about gpg-related software. This could maybe help
> users decision of trusting some gpg-related software or the developers.
> It could also probably put software developers under pressure, who are
> writing wrong software. Enigmail is the best example for that. Many
> people are relying on that piece of software. Many (wrong) tutorials on
> the web are talking about Thunderbird+Enigmail. The documentation of it
> is not that bad I think, but could be better, but the most annoying
> thing is that Enigmail is broken by default because of the default trust
> of all keys. Who if not GnuPG-experts should write good,
> easily-understandable tutorials about the practical use of gpg by
> beginners for e-mail-encryption?

Hi, Kristy,

Have you tried the Thunderbird/Seamonkey-Enigmail documentation written by the
Enigmail folks?

If you have specific issues with enigmail, would you please address them to
the enigmail-users mailing list, mailto://
You'll need to subscribe or your posts will be held for moderation.
To unsubscribe or make changes to your subscription click here:

In the present team's twelfth year, we're now "broken by default." Broken for
whom precisely? The default trust of all keys has recently been discussed
(again). Search both the enigmail-user and gnupg-user list archives.

Setting defaults comes down to a decision of how high to set the bar for
enabling a new user to encrypt email. "Crypto training-wheels" seems an apt
analogy. One needs them at first but later they can be removed.

Setting defaults to values that make using the extension simple enough for the
beginner is often at odds to what "experts" desire. Given the often XOR nature
of the two groups, we as a team tend to choose defaults in favor of the
beginners. As they learn, they can make the changes to more secure settings.
More knowledgeable users can make the changes when installing Enigmail.

Thank you for your opinion. We hope to see you on enigmail-users.

John P. Clizbe                      Inet: John (a) Gingerbear DAWT net
SKS/Enigmail/PGP-EKP                  or: John ( @ ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797  hkp://  or
     mailto:pgp-public-keys at

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 395 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20140615/e73884ad/attachment-0001.sig>

More information about the Gnupg-users mailing list