Date: Thu, 19 Nov 2020 16:05:40 +0400 From: Antranig Vartanian <antranigv@freebsd.am> To: lev@freebsd.org Cc: freebsd-hackers@freebsd.org Subject: Re: How is Thunderbird signing my emails? Message-ID: <7CB521CC-8B8D-4E06-BBE0-23FD58A2F79F@freebsd.am> In-Reply-To: <3e4179d0-f6c4-66a5-9628-b2ee95071858@FreeBSD.org> References: <3e4179d0-f6c4-66a5-9628-b2ee95071858@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
I=E2=80=99m wondering if there are any alternative clients that Just Works a= nd uses GnuPG keyring? Thanks in advance.=20 Sent from my iPhone > On 19 Nov 2020, at 3:02 PM, Lev Serebryakov <lev@freebsd.org> wrote: >=20 > =EF=BB=BFOn 19.11.2020 5:52, George Mitchell wrote: >=20 >> The Thunderbird people have integrated the functionality of Enigmail >> into Thunderbird itself. In the abstract, this sounds like a great >> idea, because I believe that the more people use PGP signatures and >> encryption, the better. But the concrete reality of the implementation >> puzzles me in a couple of respects: > Concrete reality of the implementation is awful. It is not replacement for= Enigmail :-( >=20 >> a. It's now inclined to attach my public key to every message I send, >> unless I tell it it not to do that on a message-by-message basis (under >> the "Security" menu in the message composition dialog). I can't find >> where I can globally disable this. > See https://bugzilla.mozilla.org/show_bug.cgi?id=3D1654950 - new releases w= ill have hidden setting for it. >=20 >> b. More alarmingly, when it appends my PGP signature to my outgoing >> messages, it is able to unlock my private key without asking for the >> passphrase. How is it doing this?? > New Thunderbird doesn't use GPG keyring, it imports all keys into its own d= atabase (also it doesn't use Web Of Trust!). Private keys are protected only= by global profile password (did you have this one set? I'm in doubt, it is= rarely-used feature). So, if you account is without global password, you im= ported private keys are not protected at all. Good luck with that :-( >=20 > --=20 > // Lev Serebryakov > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7CB521CC-8B8D-4E06-BBE0-23FD58A2F79F>