Thunderbird and Efail
ben.bucksch at beonex.com
Fri May 18 07:02:30 UTC 2018
Patrick Brunschwig wrote on 18.05.18 08:32:
> On 17.05.18 20:26, Ben Bucksch wrote:
>> Phillip Hallam-Baker wrote on 17.05.18 14:21:
>>> What I think we need is to work out what the complete set of
>>> roadblocks for ubiquitous use of S/MIME is and form a comprehensive
>>> strategy that addresses them all or at least enough to get somewhere.
>>> This will likely lead to an S/MIME+ specification or specification
>>> profile similar to what WiFi is to 802.11b.
>>> I will certainly make sure Thunderbird gets an invite.
>> I think it would be nice for you, Patrick Brunschwig and me to get
>> together and talk about this, some time, after Efail is over. Patrick,
>> because he built the certificate creation dialog for enigmail (which is
>> completely local), and me, because I designed the account creation dialog.
>> My interest is to make this completely transparent without any further
>> input from the end users. Completely automatic. Similar to how
>> letsencrypt automatically configures the web server for https and
>> answers the challenge, we should do the same. For letsencrypt, the user
>> doesn't have to do anything else than run the program, and it should be the
>> same for email.
> You're aiming into the same direction as Autocrypt
> (https://autocrypt.org) which I co-authored.
Am I reading that right that autocrypt makes the keys of my
correspondence partner (Bob) discoverable automatically? That is a great
idea, to put them into the email headers. That will be very useful.
I was actually speaking about a different problem, the initial setup of
the key, without any user interaction whatsoever.
> Khushil Mistry ("my" GSoC
> student) is working on some of the grounds to make this happen in Enigmail.
>> S/MIME has the advantage that we don't have to worry too much about lost
>> keys. SSL is built on that idea that you can just throw them away and
> Why do you think so? A lost key means lost access to old encrypted mails.
But fact of life is that most users will lose keys and hard drives and
That's been the major problem for all crypto deployment. Not being able
to read one's own mail is a major SNAFU that average Janes won't
forgive, and they'll just trash email entirely and use WhatsApp.
That's why I like this sentence in the Autocrypt spec
<https://autocrypt.org/level1.html>: "we want to avoid unreadable mail
for users. Users may mix both Autocrypt-capable and traditional mail
apps and they may lose devices or in other ways the ability to decrypt
in unrecoverable ways. Reverting to cleartext when we suspect such
situations is a key part of our aim to stay out of the way of users."
That's where PEP fails, namely when people uninstall PEP, or lose their
hardware device and keys. The users get encrypted mail that they can't read.
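
The header-based key discovery discussed in this message, as an added example that is not part of the original post and is not Enigmail or Thunderbird code: a Python sketch of the checks a receiving client applies to an Autocrypt Level 1 header before accepting the key in it. The message, addresses and key bytes are constructed, and the function names are hypothetical.

```python
import base64
import binascii
from email import message_from_string
from email.utils import parseaddr

KNOWN = {"addr", "prefer-encrypt", "keydata"}

def parse_autocrypt(value, from_addr):
    """Return a dict for a valid Autocrypt header value, else None."""
    attrs = {}
    for part in value.split(";"):
        # Split on the first '=' only, so base64 padding in keydata survives.
        name, sep, val = part.strip().partition("=")
        name = name.strip().lower()
        if not name and not sep:
            continue                  # empty segment, e.g. after a trailing ';'
        if name.startswith("_"):
            continue                  # non-critical attribute: ignore it
        if not sep or name not in KNOWN:
            return None               # malformed or unknown critical attribute
        attrs[name] = val.strip()
    if not attrs.get("addr") or not attrs.get("keydata"):
        return None                   # both are mandatory and must be non-empty
    if attrs["addr"].lower() != from_addr.lower():
        return None                   # the key must belong to the sender
    try:
        # Folded headers leave whitespace inside keydata; drop it first.
        key = base64.b64decode("".join(attrs["keydata"].split()), validate=True)
    except binascii.Error:
        return None
    return {"addr": attrs["addr"].lower(), "keydata": key,
            "mutual": attrs.get("prefer-encrypt") == "mutual"}

def sender_key(raw_message):
    """Return the sender's advertised key, or None if there is no usable header."""
    msg = message_from_string(raw_message)
    from_addr = parseaddr(msg.get("From", ""))[1]
    parsed = [parse_autocrypt(v, from_addr) for v in msg.get_all("Autocrypt", [])]
    valid = [p for p in parsed if p]
    return valid[0] if len(valid) == 1 else None  # several valid headers: use none

# Constructed message; keydata is placeholder bytes, not a real OpenPGP key.
SAMPLE = (
    "From: Bob <bob@example.org>\n"
    "To: alice@example.org\n"
    "Autocrypt: addr=bob@example.org; prefer-encrypt=mutual;\n"
    " keydata=" + base64.b64encode(b"constructed placeholder key!").decode() + "\n"
    "Subject: hi\n\nhello\n"
)
```

A real client would hand the decoded keydata bytes to its OpenPGP library for parsing; that step is left out here.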