Thunderbird and Efail

Ben Bucksch ben.bucksch at beonex.com
Thu May 17 18:26:18 UTC 2018


Phillip Hallam-Baker wrote on 17.05.18 14:21:
>
> What I think we need is to work out what the complete set of 
> roadblocks for ubiquitous use of S/MIME is and form a comprehensive 
> strategy that addresses them all or at least enough to get somewhere. 
> This will likely lead to an S/MIME+ specification or specification 
> profile similar to what WiFi is to 802.11b.
>
> I will certainly make sure Thunderbird gets an invite.


I think it would be nice for you, Patrick Brunschwig and me to get 
together and talk about this, some time, after Efail is over. Patrick, 
because he built the certificate creation dialog for Enigmail (which is 
completely local), and me, because I designed the account creation dialog.

My interest is to make this completely transparent without any further 
input from the end users. Completely automatic. Similar to how 
letsencrypt automatically configures the web server for https and 
answers the challenge, we should do the same. For letsencrypt, the user 
doesn't have to do anything else than run the program, and it should be the 
same for email.

S/MIME has the advantage that we don't have to worry too much about lost 
keys. SSL is built on the idea that you can just throw them away and 
start over. That's why it's inherently insecure, but that also means we 
don't have to worry about manual key backup and manually writing down 
passwords etc.

We only need to worry about what happens if the user uses 2 computers 
or his phone at the same time. That's a problem that PEP has solved...

Ben


