Thunderbird and Efail
patrick at enigmail.net
Fri May 18 10:49:42 UTC 2018
On 18.05.18 09:02, Ben Bucksch wrote:
> Patrick Brunschwig wrote on 18.05.18 08:32:
>> On 17.05.18 20:26, Ben Bucksch wrote:
>>> Phillip Hallam-Baker wrote on 17.05.18 14:21:
>>>> What I think we need is to work out what the complete set of
>>>> roadblocks for ubiquitous use of S/MIME is and form a comprehensive
>>>> strategy that addresses them all or at least enough to get somewhere.
>>>> This will likely lead to an S/MIME+ specification or specification
>>>> profile similar to what WiFi is to 802.11b.
>>>> I will certainly make sure Thunderbird gets an invite.
>>> I think it would be nice for you, Patrick Brunschwig and me to get
>>> together and talk about this, some time, after eDail is over. Patrick,
>>> because he built the certificate creation dialog for enigmail (which is
>>> completely local), and me, because I designed the account creation dialog.
>>> My interest is to make this completely transparent without any further
>>> input from the end users. Completely automatic. Similar to how
>>> letsencrypt automatically configures the web server for https and
>>> answers the challenge, we should do the same. For letsencrypt, the user
>>> doesn't have to anything else than run the program, and it should be the
>>> same for email.
>> You're aiming into the same direction as Autocrypt
>> (https://autocrypt.org) which I co-authored.
> Am I reading that right that autocrypt makes the keys of my
> correspondance partner (Bob) discoverable automatically? That is a great
> idea, to put them into the email headers. That will be very useful.
> I was actually speaking about a different problem, the initial setup of
> the key, without any user interaction whatsoever.
That's also part of the spec. https://autocrypt.org/level1.html#id97
(Helping Users get started) says:
4. If no evidence for Autocrypt was found:
Create a key with default settings and without a password *in the
background*. Set your accounts[addr].prefer_encrypt to nopreference and
start sending Autocrypt headers.
More information about the tb-planning