Re: Thunderbird and end-to-end email encryption – should this be a priority?

Ronan Jouchet ronan at jouchet.fr
Tue Aug 25 17:58:48 UTC 2015


On 2015-25-08 15:57, Gervase Markham wrote:
>> The loss of functionality in encryption (such
>> as online search of your webmail, or loss of email content if
>> certificates are lost) will give an unacceptable user experience to the
>> vast majority of users” was the sense of the majority.
> I think that TB should store mail locally unencrypted, to avoid data
> loss if credentials are lost, and to allow local searching. In other
> words, the threat model of someone compromising your computer should be
> out of scope for Thunderbird - that should be mitigated with full disk
> encryption, etc.
Yes. To this point, adding one question: which one of these two
imperfect alternatives improves the most the current situation?

  * Users (that's at least me, several friends, and apparently someone
    answering on the blog post
    <https://blog.mozilla.org/thunderbird/2015/08/thunderbird-and-end-to-end-email-encryption-should-this-be-a-priority/#comment-907>)
    wanting encryption but dropping the ball altogether because the lack
    of searchability is too much of an hassle.
  * Users benefiting en masse from end-to end encryption and, yes, being
    vulnerable at the endpoint *if* they were not educated to use
    full-disk encryption.

I don't have numbers of the percentage of Tb users deterred by Enigmail
due to this serious usability regression, but I know I'd re-enable
Enigmail in a heartbeat if my email stayed searchable.

Ronan

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/tb-planning/attachments/20150825/629a7f01/attachment.html>


More information about the tb-planning mailing list