Future OpenPGP Support in Thunderbird

Binarus lists at binarus.de
Wed Oct 16 10:47:33 CEST 2019

On 14.10.2019 16:15, Jeff Allen via Gnupg-users wrote:
>> I don't know either, but perhaps it is in the debug logs the Enigmail
>> team analyzes?
> I have used Enigmail since its inception and have never knowingly
> submitted a log or answered a survey and have always assumed Enigmail
> does not phone home.

I am sure that it doesn't phone home. However, to give an example, I had
a problem some years ago where Enigmail didn't work correctly any more
when a certain other extension was installed, or vice versa. I published
that problem somewhere (can't remember exactly) and got the advice to
turn on Enigmail debugging and send the debug log to a certain email
address or to publish it (again, can't remember). Of course, I followed
that advice (after having examined the log file and having convinced
myself that there was no critical data in it, as expected).

I suppose that the Enigmail team gets quite a lot of such debug logs.
But I still can't tell (and currently don't have the time to
investigate) if those logs can tell which keys had been generated by
Enigmail and which had been generated externally, so the whole thing was
a guess anyway.

>>>> The vast majority of users also don't use GnuPG for
>>>> anything else than email. These users don't care where their key is
>>>> stored, nor which software under the hood is used for the crypto. All
>>>> they care is that encryption works smoothly.
>>> And this?
>> I am also not sure about this. As far as it concerns Windows, the first
>> part of the statement may be true.
> All the statements might be true.  My question was "How do you know?"

Good point. I see.

>> I am not sure where this will lead to. It sounds as if you were
>> suggesting to give up on privacy, encryption and authentication for that
>> reason.
> Not at all.  My point was that I doubt OpenPGP's inclusion in
> Thunderbird will have a major impact on the number of people encrypting
> their email

I think that even a minor impact would be desirable. The problem is: If
it is done wrong (essential features missing, e.g. subject encryption,
no exchange of keys with external tools, no hardware token support
etc.), it could prevent a large part of today's encryption users from
using encryption in the future, i.e. it even could reduce encryption

Personally, I am not sure what I'd do if the integration of PGP in TB
would be broken (i.e. no subject encryption, no control over key
generation and so on). Theoretically, I could move to another MUA which
provides a reasonable workflow for PGP, but due to pressure of time and
due to flaws or missing features in other MUAs I eventually would have
to stick with TB, even if I couldn't reasonably use PGP any more.

>> While I agree with you that this problem exists and is quite difficult
>> to solve (eventually it needs another decade), I am absolutely sure that
>> bad and difficult software will make it worse, but good and usable
>> software will help in solving it. The fact that the problem exists does
>> not mean that nobody should try to solve it by providing easier-to-use,
>> fully integrated software with reasonable default settings.
> Here we disagree.  I believe that existing software is not that
> difficult to use.  The problem, if there is one, is that most people
> simply aren't interested.  Twenty years ago I thought that everyone
> would soon be using end-to-end encrypted email.  Twenty years from now
> they still won't be.

Here the integration could really help. For example, keys could be
automatically generated whenever a new email account is created in TB.
Then, when sending the first message using that account, a dialog could
popup asking the user:

"We already have completely setup your PGP keys. Do you want to
authenticate this and further messages, and do you want to attach your
public key to each message so that the correspondents can encrypt their
replies to you, and do you want to upload your public key to server
x.y.z so that everybody can send you encrypted messages and can verify
your signature?"

I bet that 80% of users would answer this dialog by clicking "Yes", and
I think this would really help.

But once again, if too many features are missing in the integration,
this will throw back email encryption prevalence by one or two decades
because TB / Enigmail presumably is the most widespread software for
email encryption, and I am not sure how many users could move to another
MUA if PGP is broken / not fully usable in TB.

>> There are many reasons to think so (the following applies to ProtonMail
>> as well as Tutanota):
>> 1) To actually use those services in a reasonable manner, you have to
>> opt-in for a paid contract. For most of us, this is a matter of
>> principle. Why should we pay for a thing that used to be free all the
>> time? (Note: I don't want to judge that attitude - I am just stating how
>> it is).
> <snip>
> But "free" email has never been free from the likes of Gmail, Yahoo,
> GMX, etc.  While you don't pay a yearly fee, you trade your privacy for
> a few bucks.  You open yourself to tracking and targeted advertising.
> Your email is anything but private.  A couple years back both Google and
> Yahoo claimed to be working on E2EE.  I wonder why it never happened?
> The free versions of ProtonMail, Tutanota and Mailfence at least
> preserve your privacy.  They aren't monetized through advertising and
> tracking.  Instead they sell premium services to people who want more
> capacity or features.  Many people I know do email exclusively on their
> smart phones.  They don't use an MUA and don't care about POP3, IMAP or
> SMTP. Their view of using email services in a reasonable manner doesn't
> comport with yours or mine.

Correct, but (as I wrote) I didn't want to judge the attitude; I just
wanted to show how it works. Many users reflexively close web pages
immediately as soon as they recognize a $ sign (except online shops and
TV / movie / music sites, of course).

> I hope I am wrong and Thunderbird's OpenPGP implementation is a complete
> success encouraging many more people to encrypt their email.  I would,
> however, personally prefer that Thunderbird directly implement GnuPG
> integration instead of going it alone.  That would satisfy both casual
> and power users as Enigmail does now.
> Will Thunderbird OpenPGP support smart cards like my Yubikey?  How about
> a feature like GnuPG's group line or Enigmail's per-recipient rules?
> In-line PGP as well as PGP/MIME?  Encrypted subject and the ability to
> turn it on or off?  As far as I know, they are all features of GnuPG or
> Enigmail and not required by the OpenPGP specification.
> Patrick and company deserve our thanks for many years splendid service
> to the OpenPGP community.  So does Werner and his team who created and
> maintain a tool that has satisfied a wide range of users for decades. I
> doubt that yet another proprietary OpenPGP system is what the world needs.

You are speaking out of my heart. Many years ago, I appreciated
Mozilla's decision to provide their own root certificates and
certificate management, because I trusted them much more than Microsoft.

But when it comes to PGP integration, making their own thing for sure is
counter-productive. What Werner and Patrick have created is mature and
completely trustworthy and surely can't be outranked in the foreseeable

Not wanting to make users install additional software isn't a reasonable
argument for re-inventing the wheel, because AFAIK nothing prevents
people from bundling GnuPG with TB in the same installer, and I bet that
even installing these two packages into the same directory and letting
them use the same registry subkeys technically wouldn't be a problem (I
am speaking of Windows here).

So why not take Enigmail, integrate it into TB, and bundle Gpg4Win setup
with TB setup? All software they ever could develop themselves will be
inferior compared to that package, at least in the first time.



More information about the Gnupg-users mailing list