Future OpenPGP Support in Thunderbird

Teemu Likonen tlikonen at iki.fi
Sat Oct 12 09:13:59 CEST 2019


Philipp Klaus Krause [2019-10-08T15:34:28+02] wrote:

> It would be really nice, if Thunderbird could add an option to use the
> gpg key storage instead of its own, [...]

I agree with that even though I have never really used Thunderbird.

But using a custom key storage and implementation (or do they use
Sequoia PGP library?) is an interesting choice in the world of Unix-like
systems. It's pretty much the normal way elsewhere, though.

PGP and GnuPG and the related communities have tried really hard to
build a system based on person's long-term identity keys. All that web
of trust thing relies on keys that are used relatively long time. But as
we know this doesn't work for most people. People are really bad at
maintaining long-term identity keys. I think this is the most important
reason why other software just auto-generate "device keys" or
"application keys" and exchange them. They just forget about the
identity part and keys' usage in the long term. Change your phone or
just reinstall the application and you'll have new keys. Keys come and
go and it's perfectly normal.
                                      
Thunderbird seems to be going to that direction and it is probably a
good thing. From the mindset of crypto nerds (like us) or Unixy tool box
this can be a barrier, obviously.

-- 
///  OpenPGP key: 4E1055DC84E9DFF613D78557719D69D324539450
//  https://keys.openpgp.org/search?q=tlikonen@iki.fi
/  https://keybase.io/tlikonen  https://github.com/tlikonen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 694 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20191012/23bf3f0d/attachment.sig>


More information about the Gnupg-users mailing list