90 Barriers to Encrypted Email

Axel Grude axel.grude at gmail.com
Tue Sep 2 14:35:13 UTC 2014


Just an observation, as an on-and-off user of Enigmail; this is not so much about
setup as day-to-day use:

1. passphrases are cumbersome things - it should be possible to store this in the 
password manager
2. master passwords are also cumbersome - I have one in Firefox because of the 
plethora of important passwords I store there (I trust my own PC); but I do not use 
one in Thunderbird. I implicitly trust Tb as desktop application and leave the
security to my Windows logon.

It would be just fantastic if Tb could be configured to transparently show encrypted
mails without asking for the passphrase (or use master password to fill it in). 
Otherwise this will be experienced as "yet another extra step" between the user and 
the email (and being asked for a passphrase every hour) - and the good intentions of 
wanting to use encryption will soon be overridden by the usability issues.

I also think that master password handling could possibly be improved; I have an addon 
"QuickPasswords" which is a context-sensitive one-click solution to resolve missing 
passwords, but it always uses the built in "Password List" which can be viewed as 
"intrusive" to the workflow - it works for Firefox as I have 100s of logins, but in 
mail there should be only a few. A "security area" on the toolbar that makes it 
possible to lock/unlock might be a nicer concept, if you like I can come up with some 
UI ideas on this.

The other thing that makes the concept of encryption hard to use is the fact that (at
the moment) unencrypted and encrypted mails seem to be entirely disconnected things,
how can they be presented in a "friendlier" way? E.g. display of public keys in form 
of a "calling card" instead of a massive blob of random text - just make it less 
frightening to the average user and "hide all the wires".

I think it is really important to make the day to day use of encryption on the desktop 
as effortless as possible, otherwise it just won't be widely accepted.


*Axel <mailto:axel.grude at gmail.com>*
Software Developer
Thunderbird Add-ons Developer (QuickFolders, quickFilters, QuickPasswords, Zombie 
Keys, SmartTemplate4)
AMO Editor

*To:* Dave Jarvis, Paul.syverson, Tb-planning at mozilla.org - dave.jarvis at gmail.com, 
Paul.Syverson at nrl.navy.mil, tb-planning at mozilla.org
*From: *Jb Piacentino <jb at mozilla.com>
*Sent: *Tuesday, 02/09/2014 14:28:24 14:28 GMT ST +0100 [Week 36]
*Subject:* Re: 90 Barriers to Encrypted Email
> Hi Dave,
> Thank you for your note and thoughts. I am cc'ing the Thunderbird community mailing
> list for possible follow-up.
> Jb
> On 01/09/2014 01:59, Dave Jarvis wrote:
>> Hi,
>> Some of my friends' comments when asked if they'd use encrypted email:
>>     "I would if there were a significant benefit. The biggest problem is
>> that of critical mass: why bother setting up encrypted email if nobody
>> else encrypts their email (or even knows how to decrypt it)?"
>>     "Some of my friends suggested that the disadvantages outweighed the
>> advantages. But I'd definitely support efforts to make encryption in
>> email standard or merely more common. The challenge as usual is
>> backwards compatibility in dealing with a mix of people who do and don't
>> use encryption--especially with the danger of known plaintext attacks if
>> someone frequently messes up and replies to an encrypted email in
>> plaintext with the whole decrypted message quoted in plaintext."
>>     "I would with friends who also did."
>> Thinking I could convince more of my friends to use encrypted email, I
>> documented the steps to send an encrypted email, from start to finish:
>> http://davidjarvis.ca/encryption/
>> The steps tally around 90 (many installation wizard steps were omitted).
>> Each step is a barrier to success. The remainder of this email outlines
>> a possible flow that would greatly simplify exchanging encrypted emails
>> for first-time users.
>> If Mozilla or Enigmail is unable/unwilling to provide this, then perhaps
>> it is something the Tor folks could tackle?
>> 1. Download Thunderbird.
>> 2. Click the Thunderbird Setup executable.
>> 3. Click Run.
>> 4. *NEW* "Enable confidential emails" is checked by default.
>> 5. *NEW* "Run Thunderbird after installing" is checked by default.
>> 6. *NEW* "I have an existing email address" is checked by default.
>> 7. *NEW* Click "Install" (note: not "Next, Next, Next, Next, Next, Next,
>> ad nauseam, Install, Finish").
>> At this point, the following events happen without user intervention:
>> - The software installs Thunderbird, GPG (bundled), and Enigmail.
>> - The installer exits.
>> - Thunderbird starts.
>> Since "I have an email address" was checked:
>> 1. Type in Name.
>> 2. Type in Email address.
>> 3. Type in password.
>> 4. Click Continue.
>> At this point, for known mail servers (such as GMail, Hotmail, Yahoo
>> Mail, etc.), the default IMAP and POP3 settings are tested and accepted
>> automatically. (This could even be attempted for unknown MX servers.)
>> The user needn't confirm the settings unless something went awry.
>> *NEW* Thunderbird automatically:
>> - Downloads Inbox contents.
>> - Imports email address contacts (this is needed later).
>> Since "Enable confidential emails" was checked, the Enigmail wizard appears.
>> 1. *NEW* "I need a secret key" is checked by default.
>> 2. User is prompted to write down a secret Passphrase on a piece of
>> paper (16+ characters, numbers, symbols).
>> 3. Type in the Passphrase.
>> 4. Type in confirmation Passphrase.
>> 5. Click Continue.
>> At this point, the system:
>> - Notifies user to wait several minutes, and not to exit the
>> application. (Does not state anything about a randomness pool: people
>> don't care.)
>> - *NEW* Moves the progress towards completion (never remains fixed for
>> more than a tenth of a second, no matter what).
>> - *NEW* Automatically replenishes the pool using intermittent I/O, and
>> random network pings (e.g., to random.org, google.com, their MX server,
>> and a few others). No need to ask the user to do this...
>> - *NEW* Certificate is automatically generated and saved to the Desktop.
>> *NEW* The Enigmail wizard continues:
>> 1. *NEW* "Upload public key" is checked.
>> 2. *NEW* The Keyserver "pgp.mit.edu" is selected.
>> 3. Click Finish.
>> *NEW* In the background, Enigmail searches and downloads all public keys
>> in the user's contact list using the collected email addresses.
>> Alternatively, Enigmail does this one at a time when sending emails, if
>> the public key was not already retrieved (to prevent swamping the
>> Keyservers).
>> This means that all public keys should be listed in the Enigmail Key
>> Management tool. Currently, if I sent a message to a friend, then looked
>> at the managed keys, the key is not listed. There is no (obvious) way to
>> verify that their public key was used to encrypt the message. If the key
>> was automatically downloaded, used for encryption, and added to the
>> managed keys, then I could confirm that the key was used (or at least
>> downloaded).
>> When I send an email that can be encrypted with the recipient's public
>> key, a little lock icon should appear next to their email address.
>> Hovering over the lock icon should reveal a tooltip. The tooltip should
>> let me know that their public key is being used to encrypt the message.
>> In this fashion, I can write a message to several people and know who
>> will receive an encrypted copy and who will not (e.g., Jb Piacentino and
>> Paul Syverson). It also lets me verify what public key is being used.
>> Lastly, it would relieve the necessity of prompting to confirm public
>> keys being matched to the number of recipients.
>> This reduces the number of steps from ~90 to ~13 for first time users,
>> thereby nearly passing the "grandmother test". Users can configure
>> Thunderbird and Enigmail afterwards should default settings be insufficient.
>> IMHO, email encryption remains well beyond average user capability.
>> Significantly reducing the number of steps by bundling the major
>> software components should greatly increase (mainstream) adoption.
>> Dave
>> CC: GPG and Tor developer leads.
