Re: Thunderbird and end-to-end email encryption – should this be a priority?

Gervase Markham gerv at
Tue Aug 25 15:57:42 UTC 2015

On 25/08/15 02:31, R Kent James wrote:
> See

I think the answer is yes, but I think we need to do more than integrate
Enigmail more tightly.

Local email clients will always be attractive to people who want to keep
hold of their own data. Such people may well also be interested in not
having that data snooped on or secretly subpoenaed. However, there have
been many wise articles pointing out that the usability of PGP email is
terrible, and I think it's more complicated than just choosing good
defaults. There are key distribution problems and revocation problems,
and the web of trust is a massive public metadata repo about who knows who.

We need to think more creatively - whether that's new email protocols
which conceal more metadata (like Darkmail) or getting Let's Encrypt to
start supporting email certificates and doing something based on S/MIME
instead, with automatic certificate reputation management based on
number of interactions.

> consensus was that this is a non-issue. “Anyone who can access your
> files using interception technology can more easily just grab your
> computer from your house.

That's simply not true. Grabbing computers from your house requires
people on the ground, and it's not scalable to millions of people.

 The loss of functionality in encryption (such
> as online search of your webmail, or loss of email content if
> certificates are lost) will give an unacceptable user experience to the
> vast majority of users” was the sense of the majority.

I think that TB should store mail locally unencrypted, to avoid data
loss if credentials are lost, and to allow local searching. In other
words, the threat model of someone compromising your computer should be
out of scope for Thunderbird - that should be mitigated with full disk
encryption, etc.


More information about the tb-planning mailing list