Opportunistic encryption (was: Thunderbird 78, Enigmail and OpenPGP secure email)
ben.bucksch at beonex.com
Wed Oct 9 17:20:10 UTC 2019
Thank you for your wise position on this. I'm glad to see that we have
crypto competence on board, with you and Patrick Brunschwig.
I completely agree with what you wrote there. It is the right choice,
given the current circumstances.
Here is a potential problem:
> For users who prefer to avoid unencrypted email completely, we might
> offer an advanced configuration, that could require all outgoing email
> to be encrypted, either using any available key, or by requiring the
> use of confirmed keys, only.
I am concerned by such an option. If some advanced or security-conscious
Thunderbird users would enable this, find keys for me, and I would not
be able to read my own mail.
You mention exactly my reason later:
> Once a user distributes their own key to others, they’ve opened
> Pandora’s box. Others might discover the keys later and send encrypted
> email at any time in the future. If the key has been lost, either
> because the computer broke and no backups of they are available, or
> because the user forgot the passphrase that was used to protect the
> key, the incoming encrypted email cannot be read. Also, if the key has
> been lost, the archive of encrypted email that’s still available on
> your mail server can no longer be read either.
I am in that position. I have multiple keys on key servers, because I
sign software. However, I read mail on multiple email clients. Mostly
Thunderbird, but also on Android (where TB doesn't exist). I do not wish
to put the valuable PGP keys that I use to sign software on my cell
phone just to read mail.
There's even a worse situation: An attacker might create a PGP key for
the victim (a normal unsuspecting user that never used Thunderbird nor
GPG), put it on a key server, and Thunderbird users would fetch the key,
encrypt mail to the victim, and the victim would not be able to read her
own mail anymore. So, such opportunistic encryption creates new attack
scenarios, comparable to a DoS (Denial of service) attack, but it would
be in the design and permanent. At least for such senders that enable
such a Thunderbird feature. That's why such a feature is problematic.
More information about the tb-planning