Thunderbird and Pretty Easy Privacy - current status

Patrick Cloke patrick at cloke.us
Thu Feb 25 20:20:41 UTC 2016


Ben,

I'm not sure if you've been following the conversation, but the points
you've brought up have been discussed in depth before.

On 2/25/16 2:35 PM, Ben Bucksch wrote:
> Patrick Brunschwig wrote on 25.02.2016 16:09:
>> But, and this is most important, PEP "only" provides services that are
>> a) invisible to users, and
>> b) quite easily pluggable into an application via a clearly defined API.
>
> Backdoors and insecure designs are invisible, too :).
>
> This needs serious investigation - on protocol design and code level -
> before we can integrate it.
>
> We'll also need review from a wide crypto community.
We (the Thunderbird community) recognize this and also recognize that
we're not crypto experts (i.e. we're not in a place to do this).

> Gervase Markham wrote on 25.02.2016 16:59:
>> True, but it's hard to evaluate something you've never seen.
>
> Exactly. That's my point.
>
> The 2 projects should rather approach each other and work together,
> and in the process build mutual trust, than TB kicking back and
> waiting for a finished PEP product, and then simply saying yay/nay.
> That's not likely to be a fruitful process, IMHO.
We've been in discussions with pEp and have had conversations with them
about their technology. The keyword in the statement was an *alpha*
version. This implies that there is still time to change
direction/influence designs.

Note that some of us did see a version of pEp's software for Outlook
last fall, but how exactly it would work within Thunderbird has not been
discussed as a detailed plan nor as a prototype.

--Patrick


More information about the tb-planning mailing list