Opportunistic encryption (was: Thunderbird 78, Enigmail and OpenPGP secure email)

Ben Bucksch ben.bucksch at beonex.com
Wed Oct 9 17:20:10 UTC 2019


Thank you for your wise position on this. I'm glad to see that we have 
crypto competence on board, with you and Patrick Brunschwig.

I completely agree with what you wrote there. It is the right choice, 
given the current circumstances.

Here is a potential problem:

> For users who prefer to avoid unencrypted email completely, we might 
> offer an advanced configuration, that could require all outgoing email 
> to be encrypted, either using any available key, or by requiring the 
> use of confirmed keys, only. 

I am concerned by such an option. If some advanced or security-conscious 
Thunderbird users would enable this, find keys for me, and I would not 
be able to read my own mail.

You mention exactly my reason later:

> Once a user distributes their own key to others, they’ve opened 
> Pandora’s box. Others might discover the keys later and send encrypted 
> email at any time in the future. If the key has been lost, either 
> because the computer broke and no backups of they are available, or 
> because the user forgot the passphrase that was used to protect the 
> key, the incoming encrypted email cannot be read. Also, if the key has 
> been lost, the archive of encrypted email that’s still available on 
> your mail server can no longer be read either. 

I am in that position. I have multiple keys on key servers, because I 
sign software. However, I read mail on multiple email clients. Mostly 
Thunderbird, but also on Android (where TB doesn't exist). I do not wish 
to put the valuable PGP keys that I use to sign software on my cell 
phone just to read mail.

There's even a worse situation: An attacker might create a PGP key for 
the victim (a normal unsuspecting user that never used Thunderbird nor 
GPG), put it on a key server, and Thunderbird users would fetch the key, 
encrypt mail to the victim, and the victim would not be able to read her 
own mail anymore. So, such opportunistic encryption creates new attack 
scenarios, comparable to a DoS (Denial of service) attack, but it would 
be in the design and permanent. At least for such senders that enable 
such a Thunderbird feature. That's why such a feature is problematic.

More information about the tb-planning mailing list