Future OpenPGP Support in Thunderbird

Binarus lists at binarus.de
Sun Oct 13 18:27:59 CEST 2019

On 08.10.2019 09:08, Patrick Brunschwig wrote:
> The Thunderbird developers have announced that they will implement
> OpenPGP support in Thunderbird 78 [1]. Support for Thunderbird in
> Enigmail will therefore be discontinued.
> [Snip]
> I will continue to support and maintain Enigmail for Thunderbird 68
> until 6 months after Thunderbird 78 will have been released (i.e. a few
> months beyond Thunderbird 68 EOL). Enigmail will not run anymore on
> Thunderbird 72 beta and newer.

IMHO, integrating PGP into TB in general is a good decision. However, I
have two concerns (being a naive user, and being far away from
understanding the technical aspects).

1) The schedule

We have all been educated to update our applications (notably, "internet
applications" like browser and email clients) as soon as updates are
available; at least, this is true for security updates.

Despite release plans, I think nobody knows for sure how much time
actually will pass between TB 72's predecessor and TB 78, and how many
security updates will be released between these versions.

During that time, I either can't use Enigmail (if I decide to install
the security updates), or I have to ignore the security updates
(possibly putting me to risk).

Did I understand this correctly?

I am not on a level that I would use GnuPG on the command line to
encrypt or authenticate my messages (encryption is fascinating, and if I
had the time, it would be a pleasure to dive deeply into this subject,
but for the time being, I just need it working), so I am dependent on
the TB / Enigmail duo (at least until TB 78).

2) The features

When integrating PGP into TB, IMHO great attention must be paid that
none of the important features of Enigmail / GnuPG get lost, not even in
the first version. The statement that the first implementation probably
will be "less feature-rich" than Enigmail (let alone GnuPG) really
frightens me and lets me expect all sorts of problems.

For example, even I (as a non-advanced user) recently had an issue where
I could not use PGP keys which were generated by Enigmail, because the
keys' IDs were formally wrong so that key servers didn't accept the
keys. The easiest possible solution was to re-generate these keys using
GnuPG on the command line (despite my statement above ...) and import
them into Enigmail.

This simple case shows that we actually need the full functionality of a
mature software package like GnuPG from the beginning on (note that my
problem was ridiculously simple, but even then I couldn't easily solve
it using Enigmail alone).

My feeling is that TB (and probably email encryption / authentication
per se) will lose a lot of users (including me) if the first
implementation lacks essential features, makes the encryption setup fail
due to common problems (like mine), or makes encryption unusable or
difficult in any other way.

By the way, being able to encrypt the subject of an encrypted message
also is one of the essential features (thanks, Patrick, and thanks,
Werner, that you finally have made this possible a while ago!) ...

Just my 2 cents ...



More information about the Gnupg-users mailing list