Reply-To: lev@FreeBSD.org
Subject: Re: How is Thunderbird signing my emails?
To: freebsd-hackers@freebsd.org
From: Lev Serebryakov
Organization: FreeBSD
Message-ID: <3e4179d0-f6c4-66a5-9628-b2ee95071858@FreeBSD.org>
In-Reply-To: <9e617638-0bd9-52cd-c361-8d73633d9bab@m5p.com>
Date: Thu, 19 Nov 2020 14:01:36 +0300
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.4.3

On 19.11.2020 5:52, George Mitchell wrote:

> The Thunderbird people have integrated the functionality of Enigmail
> into Thunderbird itself. In the abstract, this sounds like a great
> idea, because I believe that the more people use PGP signatures and
> encryption, the better. But the concrete reality of the implementation
> puzzles me in a couple of respects:

The concrete reality of the implementation is awful. It is not a
replacement for Enigmail :-(

>
> a. It's now inclined to attach my public key to every message I send,
> unless I tell it not to do that on a message-by-message basis (under
> the "Security" menu in the message composition dialog). I can't find
> where I can globally disable this.

See https://bugzilla.mozilla.org/show_bug.cgi?id=1654950 - new releases
will have a hidden setting for it.

> b. More alarmingly, when it appends my PGP signature to my outgoing
> messages, it is able to unlock my private key without asking for the
> passphrase. How is it doing this??

The new Thunderbird doesn't use the GPG keyring, it imports all keys into
its own database (also it doesn't use Web Of Trust!). Private keys are
protected only by the global profile password (did you have this one set?
I'm in doubt, it is a rarely used feature). So, if your account is without
a global password, your imported private keys are not protected at all.
Good luck with that :-(

-- 
// Lev Serebryakov