Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 19 Nov 2020 14:22:12 -0500
From:      George Mitchell <george+freebsd@m5p.com>
To:        freebsd-hackers@freebsd.org
Subject:   Re: How is Thunderbird signing my emails?
Message-ID:  <edf490fd-e166-0173-04d0-ff3d1acd0852@m5p.com>
In-Reply-To: <20201119171548.anb34fpeuij3liyr@nerd-thinkpad.local>
References:  <3e4179d0-f6c4-66a5-9628-b2ee95071858@FreeBSD.org> <7CB521CC-8B8D-4E06-BBE0-23FD58A2F79F@freebsd.am> <20201119171548.anb34fpeuij3liyr@nerd-thinkpad.local>

next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--13CJvmGTuU9akqrXyS1k7zH1nmyh6G3Nc
Content-Type: multipart/mixed; boundary="zp7MTH2ij6xZTg9PhhTt6d6R6NfS8FIQN";
 protected-headers="v1"
From: George Mitchell <george+freebsd@m5p.com>
To: freebsd-hackers@freebsd.org
Message-ID: <edf490fd-e166-0173-04d0-ff3d1acd0852@m5p.com>
Subject: Re: How is Thunderbird signing my emails?
References: <3e4179d0-f6c4-66a5-9628-b2ee95071858@FreeBSD.org>
 <7CB521CC-8B8D-4E06-BBE0-23FD58A2F79F@freebsd.am>
 <20201119171548.anb34fpeuij3liyr@nerd-thinkpad.local>
In-Reply-To: <20201119171548.anb34fpeuij3liyr@nerd-thinkpad.local>

--zp7MTH2ij6xZTg9PhhTt6d6R6NfS8FIQN
Content-Type: multipart/mixed;
 boundary="------------27E28617A44FDB675DA14B6B"
Content-Language: en-US

This is a multi-part message in MIME format.
--------------27E28617A44FDB675DA14B6B
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable


On 11/19/20 12:15 PM, Daniel Ebdrup Jensen wrote:
 > On Thu, Nov 19, 2020 at 04:05:40PM +0400, Antranig Vartanian wrote:
 >> I=E2=80=99m wondering if there are any alternative clients that Just =
Works=20
and uses GnuPG keyring?
 >>
 >> Thanks in advance.
 >>
 >> Sent from my iPhone
 >>
 >>> On 19 Nov 2020, at 3:02 PM, Lev Serebryakov <lev@freebsd.org> wrote:=

 >>>
 >>> =EF=BB=BFOn 19.11.2020 5:52, George Mitchell wrote:
 >>>
 >>>> The Thunderbird people have integrated the functionality of Enigmai=
l
 >>>> into Thunderbird itself.  In the abstract, this sounds like a great=

 >>>> idea, because I believe that the more people use PGP signatures and=

 >>>> encryption, the better.  But the concrete reality of the=20
implementation
 >>>> puzzles me in a couple of respects:
 >>> Concrete reality of the implementation is awful. It is not=20
replacement for Enigmail :-(
 >>>
 >>>> a. It's now inclined to attach my public key to every message I sen=
d,
 >>>> unless I tell it it not to do that on a message-by-message basis=20
(under
 >>>> the "Security" menu in the message composition dialog).  I can't fi=
nd
 >>>> where I can globally disable this.
 >>> See https://bugzilla.mozilla.org/show_bug.cgi?id=3D1654950 - new=20
releases will have hidden setting for it.
 >>>
 >>>> b. More alarmingly, when it appends my PGP signature to my outgoing=

 >>>> messages, it is able to unlock my private key without asking for th=
e
 >>>> passphrase.  How is it doing this??
 >>> New Thunderbird doesn't use GPG keyring, it imports all keys into=20
its own database (also it doesn't use Web Of Trust!). Private keys are=20
protected only by global profile password (did you have this one set?=20
I'm in doubt, it  is rarely-used feature). So, if you account is without =

global password, you imported private keys are not protected at all.=20
Good luck with that :-(
 >>>
 >>> --
 >>> // Lev Serebryakov
 >>> _______________________________________________
 >>> freebsd-hackers@freebsd.org mailing list
 >>> https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
 >>> To unsubscribe, send any mail to=20
"freebsd-hackers-unsubscribe@freebsd.org"
 >> _______________________________________________
 >> freebsd-hackers@freebsd.org mailing list
 >> https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
 >> To unsubscribe, send any mail to=20
"freebsd-hackers-unsubscribe@freebsd.org"
 >
 > Hi folks,
 >
 > NeoMutt and GnuPG works well together, and NeoMutt can even render=20
html email by using w3m as a pager for the by setting 'auto_view=20
text/html' and putting the following into ~/.mailcap:
 > text/html; w3m -T text/html %s; nametemplate=3D%s.html; copiousoutput
 >
 > I've been using it on my FreeBSD laptop for both mailing lists,=20
FreeBSD development, and as a daily driver.
 >
 > Also, please think of this as a little reminder not to top-post on=20
mailing lists. :)
 >
 > Yours respectfully,
 > Daniel Ebdrup Jensen

Thanks to all for the information.  I've been pondering Signal for a
while now (thanks to RW for the blog post about avoiding encrypted
email altogether).                                        -- George

--------------27E28617A44FDB675DA14B6B--

--zp7MTH2ij6xZTg9PhhTt6d6R6NfS8FIQN--

--13CJvmGTuU9akqrXyS1k7zH1nmyh6G3Nc
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEENdM4ZHktsJW5kKZXwRES3m+p4fkFAl+2xeQFAwAAAAAACgkQwRES3m+p4fnJ
oRAAu1i5VEkOx1UooH82kOUtsoV/2fiqz135EHdJ38uT2w7DsN1uZbiOlDUoF0emDtISRdIWApEl
HTmbWKzMTRgV8qzt40PXnvlYPFarIy6Bc66NLGT+3+SpJmyeOVoUsLbNu6v6z2d7pJ+tWbqRWC8b
nOE8ZEIIA0A5n5QSpvkMEGchVly+gKxJcBpEsREHrCotiptyC+BKBuYv9/fi5/UdI6dnnzv2T+sy
O6YmQbZrkaQTL90WFBqTLZGz7F+J7TDgg8bXWA1ua1STdm2DFSyyoQ3x+eWIGIrESEQc+8gXOewI
4oJ1BaxXIjslVRakRu79fO/A4DmubtPgANAHeKTDuCJasCbU/4lHPIkcB9bHf6jDBTiPKrIygW7S
Huza+vSpl4Rx/OEMt3uJs5NzmTnwpIGbQ823IQqNm9IOktqCS+y0S/OkTDmay/gcltTXxIdKlXjM
BsSAvyCK1fAl4xd0UTwAmDMjSrXB5SVMliF/ScE2OFGkqS363jUkf/GcgpvhFmS1OqhnHoMy+B7k
8mcfAkbN5F9CZmnpqBGdCakTCNqVnZYs6NAEBw/B4sPLJQcjJ5EAGciEilz3IVSpnrFrPDjEVTY3
1Bu9Sk/thmPD+c3g43GOF6RwmLjrZ8LsZWfSOrFMeHCLchghHsJ/pa7I3QyIVklBi4GnfIq7nGKy
D8c=
=zByL
-----END PGP SIGNATURE-----

--13CJvmGTuU9akqrXyS1k7zH1nmyh6G3Nc--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?edf490fd-e166-0173-04d0-ff3d1acd0852>