Thunderbird and Efail
ben.bucksch at beonex.com
Thu May 17 18:26:18 UTC 2018
Phillip Hallam-Baker wrote on 17.05.18 14:21:
> What I think we need is to work out what the complete set of
> roadblocks for ubiquitous use of S/MIME is and form a comprehensive
> strategy that addresses them all or at least enough to get somewhere.
> This will likely lead to an S/MIME+ specification or specification
> profile similar to what WiFi is to 802.11b.
> I will certainly make sure Thunderbird gets an invite.
I think it would be nice for you, Patrick Brunschwig and me to get
together and talk about this, some time, after Efail is over. Patrick,
because he built the certificate creation dialog for Enigmail (which is
completely local), and me, because I designed the account creation dialog.
My interest is to make this completely transparent without any further
input from the end users. Completely automatic. Similar to how
letsencrypt automatically configures the web server for https and
answers the challenge, we should do the same. For letsencrypt, the user
doesn't have to do anything else than run the program, and it should be the
same for email.
S/MIME has the advantage that we don't have to worry too much about lost
keys. SSL is built on the idea that you can just throw them away and
start over. That's why it's inherently insecure, but that also means we
don't have to worry about manual key backup and manually writing down
We only need to worry about what happens if the user uses 2 computers
or his phone at the same time. That's a problem that PEP has solved...