Thunderbird and Pretty Easy Privacy - current status

Sebastian sebix at
Sat Feb 27 15:14:50 UTC 2016


On 02/27/2016 12:31 PM, Volker Birk wrote:
> If you'll have a look on p≡p's business homepage, it's this:
Thanks for pointing this out. There are so many pEp-websites out there
:) One about the product, the project and the foundation.

Your mail also addresses some issues I raised in my mail on this topic,
which I wrote before yours arrived (because of list moderation?).

> Please check the certificate. You'll see that's the Let's encrypt compromize.
> But there is a very good reason to have a CAcert for the source code: actually,
> this is one of the only concepts for X.509, which really can transport trust.
> And accessing the source code of a security relevant software is a thing where
> a MITM is a relevant attack vector.
>> It might be a sad day,  but our users are not privacy oriented,  bug savy or
>> contributors.
> I'm fully agreeing to this statement. But it's sad exactly the same way, that
> the same users don't care for the source code. And if you'll have a look on
> what is using a CAcert, it's just the source code, nothing else. Everything
> where you have to just click to get it to work is using  Let's encrypt – for
> the exact reason you're giving here.
>> Is P=P based on using certificates from a CA that can not get itself
>> integrated into Firefox?
> No. p≡p in no way is dependent on CAcert. Hernani is working on a whitepaper
> about how p≡p is working. We've it now in the review process. After it's ready,
> I will give a note here.
> Yours,
> VB.
> _______________________________________________
> tb-planning mailing list
> tb-planning at
> -- 
> python programming - mail server - photo - video -
> cryptographic key at and on public keyservers

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the tb-planning mailing list