[Enigmail] Future OpenPGP Support in Thunderbird
321942 at gmail.com
Tue Oct 8 20:39:24 CEST 2019
"Hernâni Marques (p≡p foundation)" <hernani.marques at pep.foundation> wrote:
> On 08.10.19 18:37, Dmitry Alexandrov wrote:
>> Pity, but I hope it will be better that way. In particular I hope, that Mozilla will not follow your example and won’t entice users to proprietary isolated keyserver  instead of distributed SKS network thus splitting the keybase. And won’t promote standards  that suspiciously resemble embrace-extend-and-extinguish tactics employed against PGP either.
>>  https://keys.openpgp.org
>>  https://pep.security
> pEp is not against PGP it's just PGP-supporting as much as it makes sense for interop reasons
Well, I’m glad to hear that, but it’s really a pity, that supporting Autocrypt does not make sense for you.
> and goes beyond email already today; and it's designed from the very beginning on to support other crypto[formats] as well (agnosticism on messaging & crypto[format])
A double pity in light of your decision to not only support but actually _prefer_ other cryptoformats over PGP whenever possible for the sake of ‘forward secrecy’  — that’s when Autocrypt is exactly the extension to PGP that can provide forward secrecy, if needed.
| How does p≡p select the most secure way of sending an email or a message?
| When a p≡p user is communicating with another p≡p user:
| 1. if online communication available: OTR through GNUnet.
| 2. if online communication not available:
| a. if anonymizing platform available, OpenPGP through anonymizing platform (i.e. Qabel),
| b. if anonymizing platform not available, fallback to OpenPGP.
| When a p≡p user is communicating with a non-p≡p user then depending on the capabilities of the non-p≡p user:
| 1. if anonymizing and forward secrecy is possible, use that (i.e. OTR over GNUnet).
| 2. if anonymizing but no forward secrecy is possible, use that (i.e. OpenPGP over Qabel).
| 3. if forward secrecy is possible, use that (i.e. OTR).
| 4. if hard cryptography but no forward secrecy is possible, use that (i.e. OpenPGP)
| 5. if only weak cryptography is possible, use that (i.e. S/MIME with commercial CAs)
| 6. send unencrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 487 bytes
Desc: not available
More information about the Gnupg-users