TB weirdness

Bernhard Reiter bernhard at intevation.de
Thu Feb 24 10:36:35 CET 2022


On Thursday, 17 February 2022 17:35:53, Robert J. Hansen via
Gnupg-users wrote:
> Thunderbird doesn't use GnuPG. 

For some operations it still can (be configured to do so).
Anyway, we do have a wiki page for hints
  
https://wiki.gnupg.org/EMailClients/Thunderbird

> However, for those who do: 
> apparently, Thunderbird is a big fan of attaching public certificates
> (and/or revocation certificates, for revoked keys) to outgoing emails
> for *every private certificate on your keyring*, regardless of whether
> that private key is actually associated with the account in question.
>
> This has the potential to leak personal information, especially if
> you're in a use case where you have two or more keys presenting
> different pseudonymous identities.  Without knowing it, you might
> accidentally reveal you're the common actor behind both.

Sounds like a defect to me. Do you have a problem report ticket with 
Thunderbird or a forum entry which describes the problem in more detail
(like which version is affected)?

Overall I believe that attaching pubkeys (like autocrypt proposes) is not a 
good idea (the arguments put forward elsewhere).

Thanks for your warning, what about if we put it on our wiki page?

Regards,
Bernhard

-- 
www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner