Future OpenPGP Support in Thunderbird

Mark H. Wood mwood at iupui.edu
Sat Oct 12 14:07:58 CEST 2019

On Sat, Oct 12, 2019 at 10:13:59AM +0300, Teemu Likonen via Gnupg-users wrote:
> Philipp Klaus Krause [2019-10-08T15:34:28+02] wrote:
> > It would be really nice, if Thunderbird could add an option to use the
> > gpg key storage instead of its own, [...]
> I agree with that even though I have never really used Thunderbird.
> But using a custom key storage and implementation (or do they use
> Sequoia PGP library?) is an interesting choice in the world of Unix-like
> systems. It's pretty much the normal way elsewhere, though.
> PGP and GnuPG and the related communities have tried really hard to
> build a system based on person's long-term identity keys. All that web
> of trust thing relies on keys that are used relatively long time. But as
> we know this doesn't work for most people. People are really bad at
> maintaining long-term identity keys. I think this is the most important
> reason why other software just auto-generate "device keys" or
> "application keys" and exchange them. They just forget about the
> identity part and keys' usage in the long term. Change your phone or
> just reinstall the application and you'll have new keys. Keys come and
> go and it's perfectly normal.

That would be one of the reasons why I tend to avoid "other software".
My primary use-case is identity, not secrecy.  I am not alone: quite a
few employers are at last discovering crypto signatures in their
efforts to combat spear-phishing, and spending quite a bit of money
and effort to deploy them.  (I accept that most of them are using
S/MIME rather than OpenPGP, but that's a detail; identity is important.)

> Thunderbird seems to be going to that direction and it is probably a
> good thing. From the mindset of crypto nerds (like us) or Unixy tool box
> this can be a barrier, obviously.

Humph, I was already grumpy about Mozilla products' insistence on
having their own insular X.509 store, meaning that I have to install
certificates twice (once for Firefox, again for *everything else*.)

Maybe there will be an add-on, so that those who care can choose to
integrate Thunderbird into their systems rather than having it still
standing off to one side haughtily awaiting special treatment.

Mark H. Wood
Lead Technology Analyst

University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20191012/cce4f262/attachment.sig>

More information about the Gnupg-users mailing list