Re: Thunderbird and end-to-end email encryption – should this be a priority?

Matt Harris unicorn.consulting at gmail.com
Wed Aug 26 00:46:51 UTC 2015


On 25/08/2015 7:01 PM, R Kent James wrote:
> This is the text from a blog post today on the Thunderbird blog:
>
> See 
> https://blog.mozilla.org/thunderbird/2015/08/thunderbird-and-end-to-end-email-encryption-should-this-be-a-priority/
>
> Should this be a focus for Thunderbird development?
>
>
I think we should focus on making s/mime a simple process before we get 
into upcoming or new end to end encryption.  Current processes require 
identifying the correct certificate in your browser and exporting it. 
(even though the link to retrieve the certificate is in an email)  Then 
in Thunderbird importing that same certificate. Cumbersome, difficult to 
explain to the neophyte and prone to error.  Then the certificate has to 
be set to be used on the account.  When I asked a group of Microsoft 
small business specialist about it's lack of use I was basically told 
"it is to hard".  They preferred web based solutions that required Zero 
intellect from the user.  So I think that unless we can make that 
preexisting process simple enough for my sister, then there is no hope 
of selling encryption. In any form.

Whilst s/mime has issues, is is widely supported by Mail Clients and 
s/mime encrypted messages to say Google can be read onsite if the 
relevant certificate is installed in the browser, or it could last time 
I checked.  It would also be a good toe in the water thing. if we can 
not make this user friendly then there is little future for encryption 
as the general public struggle with error messages that say the mail 
server rejected your message because the address was invalid.

As we are seeing with the Microsoft Family protection and some anti 
virus products .  There is a general movement to abrogate the local 
value of certificates, and the chain of trust they are based on by 
inserting your own (Name app here) signing authority.  But I still think 
we need to fix s/mime's usability before we go off on new security projects.

Does anyone know if the trustedbird project is still active, they might 
be good partners? It looks like they released 24.3 in June. 
https://adullact.net/frs/?release_id=5045&group_id=569

Matt

-- 
“Against stupidity the gods themselves contend in vain.” /― Friedrich 
von Schiller, Die Jungfrau von Orleans /
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/tb-planning/attachments/20150826/d72e0e72/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4269 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.mozilla.org/pipermail/tb-planning/attachments/20150826/d72e0e72/attachment.p7s>


More information about the tb-planning mailing list