Re: Thunderbird and end-to-end email encryption – should this be a priority?
patrick at cloke.us
Wed Aug 26 13:08:56 UTC 2015
On 8/25/15 9:39 PM, Joshua Cranmer 🐧 wrote:
> On 8/25/2015 4:31 AM, R Kent James wrote:
>> Should this be a focus for Thunderbird development?
> I'm going to be a surprising voice and opine "no."
> End-to-end email encryption is a very hard problem, one with no real
> clear solution. It is way too easy for us to overpromise and
> underdeliver in this regard, particularly with looming Mozilla disasters
> such as removal of XPCOM. We don't really have the technical expertise
> in our developer base to be able to propose any radical solutions, and
> we largely don't have the contacts or administrator knowledge to bring
> in other stakeholders for new proposed protocols.
> That's not to say we should be doing nothing. There are pain points when
> using today's security UI that are well within our ability to fix (such
> as being able to search encrypted messages), and we should be receptive
> to ideas and experiments here (although implementing untested protocols
> in core Thunderbird is where I would draw the line).
> Joshua Cranmer
(This might not have been clear in my previous post.) I agree with Joshua.
We don't have the expertise to propose radical solutions or to design a
new cryptographic protocol. We do, however, have the ability to make the
current encryption mechanisms as easy as possible for our users. That is
something we *should* strive for! (And be open to new ideas and
More information about the tb-planning