Certified OpenPGP-encryption after release of Thunderbird 78

Andreas Boehlk Computer-Service computer at boehlk.com
Tue Jun 9 17:25:11 CEST 2020


On 31.05.2020 at 12:35, Patrick Brunschwig wrote:
> Andreas Boehlk Computer-Service wrote on 31.05.2020 11:09:
>> Hello Patrick,
>>
>>
>> On 31.05.2020 at 10:01, Patrick Brunschwig wrote:
>>> Mark wrote on 31.05.2020 01:28:
>>>> Doesn't TB also need your secret keys to decrypt messages?  
>>>
>>> With smartcard support via GnuPG, all secret key operations are handled
>>> by GnuPG, and all public key operations are handled by TB (Note: the
>>> standard case, without smartcard support, will be that all keys are in
>>> Thunderbird).
>>>
>>> The use-cases are clearly distinct:
>>> - encryption: you only need public keys
>>> - decryption: you only need secret keys
>>> - signing: you only need secret keys
>>> - verification: you only need public keys
>>>
>> The standard user will not be able to work with that "solution".
>> Compared to the "enigmail-solution" this is hell and bound to fail.
> 
> Let's first define Standard users. The majority of users who use
> smartcards that *I* know are expert or power users. They can handle this.
> 
> The "Standard users" I have in mind don't use GnuPG for anything else
> than encrypting mails, and they don't use smartcards either. They won't
> have this issue in any way.
> 
>>>> Also what if you need your public keys outside of TB such as encrypting
>>>> a file?
>>>
>>> That's not supported by Thunderbird. The idea of OpenPGP in Thunderbird
>>> is that you use it for email.
>>>
>> That is correct, but nevertheless it is mandatory to have and use a
>> single key-store.
> 
> For which use-case precisely? If you only use OpenPGP for emails (and
> given the users I know who had support cases in the past, this is true
> for the majority of the Enigmail users), then this is irrelevant.
> 
The use cases are clear and I myself and some of my clients use them.
And when I speak from my point of view it is enough work to take care of
one key store and I personally do not want to have a second one; and
this second one has to be synchronized on every single endpoint as well.
That is twice the work.

> To be quite clear: Thunderbird will not support GnuPG for scenarios
> other than handling secret keys. And that's only because the OpenPGP
> library they use can't handle smartcards yet. Once the library
> supports smartcards, I expect that GnuPG support will be removed entirely.
> 
From then on PGP and the second key store will be mandatory for the
purpose of signing and decrypting.

> Note: I'm not a Thunderbird developer and I don't drive Thunderbird
> decisions -- this is simply my expectation of what will happen.
> 
Yes, I got that of course.
It is just my lack of understanding of TB's decision not to try to adapt
a running system in a proper way.
> -Patrick
> 
Andreas
