Date: Thu, 19 Nov 2020 14:22:12 -0500 From: George Mitchell <george+freebsd@m5p.com> To: freebsd-hackers@freebsd.org Subject: Re: How is Thunderbird signing my emails? Message-ID: <edf490fd-e166-0173-04d0-ff3d1acd0852@m5p.com> In-Reply-To: <20201119171548.anb34fpeuij3liyr@nerd-thinkpad.local> References: <3e4179d0-f6c4-66a5-9628-b2ee95071858@FreeBSD.org> <7CB521CC-8B8D-4E06-BBE0-23FD58A2F79F@freebsd.am> <20201119171548.anb34fpeuij3liyr@nerd-thinkpad.local>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --13CJvmGTuU9akqrXyS1k7zH1nmyh6G3Nc Content-Type: multipart/mixed; boundary="zp7MTH2ij6xZTg9PhhTt6d6R6NfS8FIQN"; protected-headers="v1" From: George Mitchell <george+freebsd@m5p.com> To: freebsd-hackers@freebsd.org Message-ID: <edf490fd-e166-0173-04d0-ff3d1acd0852@m5p.com> Subject: Re: How is Thunderbird signing my emails? References: <3e4179d0-f6c4-66a5-9628-b2ee95071858@FreeBSD.org> <7CB521CC-8B8D-4E06-BBE0-23FD58A2F79F@freebsd.am> <20201119171548.anb34fpeuij3liyr@nerd-thinkpad.local> In-Reply-To: <20201119171548.anb34fpeuij3liyr@nerd-thinkpad.local> --zp7MTH2ij6xZTg9PhhTt6d6R6NfS8FIQN Content-Type: multipart/mixed; boundary="------------27E28617A44FDB675DA14B6B" Content-Language: en-US This is a multi-part message in MIME format. --------------27E28617A44FDB675DA14B6B Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable On 11/19/20 12:15 PM, Daniel Ebdrup Jensen wrote: > On Thu, Nov 19, 2020 at 04:05:40PM +0400, Antranig Vartanian wrote: >> I=E2=80=99m wondering if there are any alternative clients that Just = Works=20 and uses GnuPG keyring? >> >> Thanks in advance. >> >> Sent from my iPhone >> >>> On 19 Nov 2020, at 3:02 PM, Lev Serebryakov <lev@freebsd.org> wrote:= >>> >>> =EF=BB=BFOn 19.11.2020 5:52, George Mitchell wrote: >>> >>>> The Thunderbird people have integrated the functionality of Enigmai= l >>>> into Thunderbird itself. In the abstract, this sounds like a great= >>>> idea, because I believe that the more people use PGP signatures and= >>>> encryption, the better. But the concrete reality of the=20 implementation >>>> puzzles me in a couple of respects: >>> Concrete reality of the implementation is awful. It is not=20 replacement for Enigmail :-( >>> >>>> a. It's now inclined to attach my public key to every message I sen= d, >>>> unless I tell it it not to do that on a message-by-message basis=20 (under >>>> the "Security" menu in the message composition dialog). I can't fi= nd >>>> where I can globally disable this. >>> See https://bugzilla.mozilla.org/show_bug.cgi?id=3D1654950 - new=20 releases will have hidden setting for it. >>> >>>> b. More alarmingly, when it appends my PGP signature to my outgoing= >>>> messages, it is able to unlock my private key without asking for th= e >>>> passphrase. How is it doing this?? >>> New Thunderbird doesn't use GPG keyring, it imports all keys into=20 its own database (also it doesn't use Web Of Trust!). Private keys are=20 protected only by global profile password (did you have this one set?=20 I'm in doubt, it is rarely-used feature). So, if you account is without = global password, you imported private keys are not protected at all.=20 Good luck with that :-( >>> >>> -- >>> // Lev Serebryakov >>> _______________________________________________ >>> freebsd-hackers@freebsd.org mailing list >>> https://lists.freebsd.org/mailman/listinfo/freebsd-hackers >>> To unsubscribe, send any mail to=20 "freebsd-hackers-unsubscribe@freebsd.org" >> _______________________________________________ >> freebsd-hackers@freebsd.org mailing list >> https://lists.freebsd.org/mailman/listinfo/freebsd-hackers >> To unsubscribe, send any mail to=20 "freebsd-hackers-unsubscribe@freebsd.org" > > Hi folks, > > NeoMutt and GnuPG works well together, and NeoMutt can even render=20 html email by using w3m as a pager for the by setting 'auto_view=20 text/html' and putting the following into ~/.mailcap: > text/html; w3m -T text/html %s; nametemplate=3D%s.html; copiousoutput > > I've been using it on my FreeBSD laptop for both mailing lists,=20 FreeBSD development, and as a daily driver. > > Also, please think of this as a little reminder not to top-post on=20 mailing lists. :) > > Yours respectfully, > Daniel Ebdrup Jensen Thanks to all for the information. I've been pondering Signal for a while now (thanks to RW for the blog post about avoiding encrypted email altogether). -- George --------------27E28617A44FDB675DA14B6B-- --zp7MTH2ij6xZTg9PhhTt6d6R6NfS8FIQN-- --13CJvmGTuU9akqrXyS1k7zH1nmyh6G3Nc Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature" -----BEGIN PGP SIGNATURE----- wsF5BAABCAAjFiEENdM4ZHktsJW5kKZXwRES3m+p4fkFAl+2xeQFAwAAAAAACgkQwRES3m+p4fnJ oRAAu1i5VEkOx1UooH82kOUtsoV/2fiqz135EHdJ38uT2w7DsN1uZbiOlDUoF0emDtISRdIWApEl HTmbWKzMTRgV8qzt40PXnvlYPFarIy6Bc66NLGT+3+SpJmyeOVoUsLbNu6v6z2d7pJ+tWbqRWC8b nOE8ZEIIA0A5n5QSpvkMEGchVly+gKxJcBpEsREHrCotiptyC+BKBuYv9/fi5/UdI6dnnzv2T+sy O6YmQbZrkaQTL90WFBqTLZGz7F+J7TDgg8bXWA1ua1STdm2DFSyyoQ3x+eWIGIrESEQc+8gXOewI 4oJ1BaxXIjslVRakRu79fO/A4DmubtPgANAHeKTDuCJasCbU/4lHPIkcB9bHf6jDBTiPKrIygW7S Huza+vSpl4Rx/OEMt3uJs5NzmTnwpIGbQ823IQqNm9IOktqCS+y0S/OkTDmay/gcltTXxIdKlXjM BsSAvyCK1fAl4xd0UTwAmDMjSrXB5SVMliF/ScE2OFGkqS363jUkf/GcgpvhFmS1OqhnHoMy+B7k 8mcfAkbN5F9CZmnpqBGdCakTCNqVnZYs6NAEBw/B4sPLJQcjJ5EAGciEilz3IVSpnrFrPDjEVTY3 1Bu9Sk/thmPD+c3g43GOF6RwmLjrZ8LsZWfSOrFMeHCLchghHsJ/pa7I3QyIVklBi4GnfIq7nGKy D8c= =zByL -----END PGP SIGNATURE----- --13CJvmGTuU9akqrXyS1k7zH1nmyh6G3Nc--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?edf490fd-e166-0173-04d0-ff3d1acd0852>