Re: [Enigmail] OpenPGP & Thunderbird 78.2.0

2020-09-07 Thread Patrick Brunschwig
On 07.09.2020 21:55, Phil Kane wrote:
> On 9/6/2020 11:35 PM, Patrick Brunschwig wrote:
> 
>> pEp for Thunderbird is not Enigmail. You won't receive an Enigmail
>> version that will work with TB 78.
> 
> If that is the case, just what is pEp?  What does it replace?

The main idea of pEp is to provide message security without bothering
the user as much as possible. Users should not need to deal with key
management and should not need to care to enable encryption manually.

If you want to know what pEp is, then read the following:
https://www.pep.security/en/faq/

Enigmail 2.0 and 2.1 contain a pEp Junior Mode. In this mode, Enigmail
uses the pEp engine for crypto-operations, and the user interface is
reduced to a very small set of security indicators and dialogs.

As Enigmail will not support TB 78, the pEp developers decided to create
their own add-on from scratch. The add-on is the quasi-continuation of
the pEp Junior Mode. Those who use Enigmail in the pEp Junior Mode are
offered to move to that new pEp for Thunderbird addon instead of being
migrated to OpenPGP in Thunderbird.

-Patrick



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net


Re: [Enigmail] OpenPGP & Thunderbird 78.2.0

2020-09-07 Thread Mark
True, but the first (and only) place I have heard of p≡p in regards to
TB is here on this list actually with this same subject line, so I
figured it was fair game.

On 9/7/2020 4:51 PM, Robert J. Hansen wrote:
>> My asking was a sort of a joke although still not sure what the purpose
>> of p≡p based on the following text from the Thunderbird 78 blog:
>
> Given that Enigmail is not p≡p and doesn't work with TB78, perhaps
> you'd be best served asking at a mailing list that caters to one or
> the other?


Re: [Enigmail] OpenPGP & Thunderbird 78.2.0

2020-09-07 Thread Robert J. Hansen

> My asking was a sort of a joke although still not sure what the purpose
> of p≡p based on the following text from the Thunderbird 78 blog:


Given that Enigmail is not p≡p and doesn't work with TB78, perhaps you'd 
be best served asking at a mailing list that caters to one or the other?




Re: [Enigmail] Enigmail, TB 78+ and security

2020-09-07 Thread Kai Engert

On 07.09.20 22:18, Mark wrote:

> Had those same concerns as there are a multitude of Mozilla master
> password decrypters out there.


Please see these recent messages from this list:

https://admin.hostpoint.ch/pipermail/enigmail-users_enigmail.net/2020-August/005707.html

https://admin.hostpoint.ch/pipermail/enigmail-users_enigmail.net/2020-August/005716.html

Kai




Re: [Enigmail] Enigmail, TB 78+ and security

2020-09-07 Thread Mark
Had those same concerns as there are a multitude of Mozilla master
password decrypters out there. Plus keeping two key stores in sync could
be problematic.

On 9/7/2020 12:57 PM, li...@datenritter.de wrote:
> Hi all,
>
> So, Thunderbird will finally implement OpenPGP. Great! \o/
>
> Unfortunately, Mozilla as usual have their own way... /o\
>
> TB will store PGP-Keys without encryption - unless you use a master
> password. Which... must be entered on every start anyway.
>
> One password for everything might seem comfortable, but doesn't that
> mean our keys will be kept in memory without any protection? Sounds like
> a terrible idea to keep sensitive information like this in a complex and
> most probably still buggy application like TB.
>
> Enigmail asks for passphrases on demand and comes with a timeout option.
> Keys are protected by gpg, which also handles decryption, so it would
> never spit out any key data unless there's a bug in the pgp binary. With
> enigmail and gpg a memory leak in TB would not compromise your keys. Am
> I right? (Or is gpg executed in TB's address space?)
>
> Looks like a certain loss of security to me.
>
> Also, in the future we have to maintain two separate key storages,
> because TB has to have its Extrawurst*.
>
> The web of trust is basically dead - but keysigning by all means is not.
> TB will replace enigmail before WoT functionality has been implemented.
> If ever.
>
> ATM, this is the scariest change to deal with in the FOSS world.
> Please tell me I got it all wrong.
>
> d.
>
>
>
> (* Funny German word for special treatment.)


Re: [Enigmail] Enigmail, TB 78+ and security

2020-09-07 Thread lists
Am 07.09.20 um 22:07 schrieb Bernhard Esslinger:
>> There is an advanced option for Thunderbird to delegate to an external
>> GnuPG installation to perform secret key operations
> Is there a detailed description with some screenshots how we can use and
> configure this behavior well?

Basically you just have to set mail.openpgp.allow_external_gnupg to true.


See here:

https://support.mozilla.org/en-US/kb/openpgp-thunderbird-howto-and-faq#w_what-types-of-openpgp-keys-are-supported

And here:

https://wiki.mozilla.org/Thunderbird:OpenPGP:Smartcards

I am worried Mozilla might dump this option one day or just care very
little about it.

d.
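
The preference named in the message above can be checked across profiles. As an added example (not part of the original post, and not Thunderbird or Enigmail code), this script reads each profile's prefs.js and user.js and reports the effective value of mail.openpgp.allow_external_gnupg. The file names, the precedence of user.js over prefs.js and the default of false are assumptions about a standard Thunderbird profile; the sample profile is constructed.

```python
import re
import tempfile
from pathlib import Path

PREF = "mail.openpgp.allow_external_gnupg"  # pref name quoted in the message above
# Matches lines such as: user_pref("some.name", true);
# Commented-out lines ("// user_pref(...)") do not match.
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')


def read_prefs(path):
    """Return {name: raw_value} for every user_pref() line in one file."""
    prefs = {}
    if not path.is_file():
        return prefs
    for line in path.read_text(encoding="utf-8", errors="replace").splitlines():
        m = PREF_LINE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)  # a later line in the same file wins
    return prefs


def external_gnupg_allowed(profile_dir):
    """Effective value of PREF for one profile directory.

    Assumption: user.js is applied on top of prefs.js at startup, and a pref
    that appears in neither file is at its default, taken to be false here.
    """
    profile = Path(profile_dir)
    merged = read_prefs(profile / "prefs.js")
    merged.update(read_prefs(profile / "user.js"))
    return merged.get(PREF, "false").strip().lower() == "true"


def audit(profiles_root):
    """Map each profile directory under profiles_root to its effective setting."""
    root = Path(profiles_root)
    return {p.name: external_gnupg_allowed(p)
            for p in sorted(root.iterdir()) if p.is_dir()}


if __name__ == "__main__":
    # Constructed sample: one profile where user.js switches the pref on.
    with tempfile.TemporaryDirectory() as tmp:
        prof = Path(tmp) / "sample.default"
        prof.mkdir()
        (prof / "prefs.js").write_text(f'user_pref("{PREF}", false);\n')
        (prof / "user.js").write_text(f'user_pref("{PREF}", true);\n')
        for name, allowed in audit(tmp).items():
            print(f"{name}: external GnuPG {'allowed' if allowed else 'not allowed'}")
```

A result of true only shows that delegation to GnuPG is permitted in that profile, not that a particular key is actually held in gpg.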



Re: [Enigmail] OpenPGP & Thunderbird 78.2.0

2020-09-07 Thread Mark
My asking was a sort of a joke although still not sure what the purpose
of p≡p based on the following text from the Thunderbird 78 blog:

"Unlike Enigmail, OpenPGP in Thunderbird 78 does not use GnuPG software
by default. This change was necessary to provide a seamless and
integrated experience to users on all platforms."

I do appreciate you explaining in more detail why Enigmail won't work in 78.

If we are moving away from that "seamless and integrated experience" by
using p≡p add-on what are you getting for that?

On 9/7/2020 8:53 AM, Robert J. Hansen wrote:
>> So then would it be legitimate to have a version of Enigmail that
>> continued to work with TB 78? :)
>
> Won't and can't exist.  Please stop asking.
>
> We've given the reasons many, many times.  Originally, the Thunderbird
> user interface was done using a Mozilla technology called XPCOM.
> Mozilla has since abandoned XPCOM; moving forward, all extensions have
> to be written as WebExtensions.
>
> So all the XPCOM in Enigmail, the stuff that's accumulated over almost
> twenty years of development?  None of it works any more.
>
> Enigmail cannot be ported to TB78.  We would have to literally start
> over rewriting the user interface in WebExtension.  The finished
> product would not be Enigmail as you've come to know it: it would be
> something completely new and different.
>
> If you want to develop your own Enigmail successor as a WebExtension,
> knock yourself out.  But please don't call it Enigmail.  :)


Re: [Enigmail] Enigmail, TB 78+ and security

2020-09-07 Thread Bernhard Esslinger
Hello Eli,

> There is an advanced option for Thunderbird to delegate to an external
> GnuPG installation to perform secret key operations
Is there a detailed description with some screenshots how we can use and
configure this behavior well?

Best regards, Bernhard


Am 07.09.2020 um 22:04 schrieb Eli Schwartz:
> On 9/7/20 3:57 PM, li...@datenritter.de wrote:
>> Hi all,
>>
>> So, Thunderbird will finally implement OpenPGP. Great! \o/
>>
>> Unfortunately, Mozilla as usual have their own way... /o\
>>
>> TB will store PGP-Keys without encryption - unless you use a master
>> password. Which... must be entered on every start anyway.
>>
>> One password for everything might seem comfortable, but doesn't that
>> mean our keys will be kept in memory without any protection? Sounds like
>> a terrible idea to keep sensitive information like this in a complex and
>> most probably still buggy application like TB.
>>
>> Enigmail asks for passphrases on demand and comes with a timeout option.
>> Keys are protected by gpg, which also handles decryption, so it would
>> never spit out any key data unless there's a bug in the pgp binary. With
>> enigmail and gpg a memory leak in TB would not compromise your keys. Am
>> I right? (Or is gpg executed in TB's address space?)
>>
>> Looks like a certain loss of security to me.
>>
>> Also, in the future we have to maintain two separate key storages,
>> because TB has to have its Extrawurst*.
>>
>> The web of trust is basically dead - but keysigning by all means is not.
>> TB will replace enigmail before WoT functionality has been implemented.
>> If ever.
>>
>> ATM, this is the scariest change to deal with in the FOSS world.
>> Please tell me I got it all wrong.
> There is an advanced option for Thunderbird to delegate to an external
> GnuPG installation to perform secret key operations, which is needed to
> handle smartcards but also permits storing your own private key in gpg.
>
> You'll still need to maintain public keys in Thunderbird's private
> keystore, but the thing that gets protected with a password will be in
> gpg and use the standard gpg unlock dialog.


Re: [Enigmail] Enigmail, TB 78+ and security

2020-09-07 Thread Eli Schwartz
On 9/7/20 3:57 PM, li...@datenritter.de wrote:
> Hi all,
> 
> So, Thunderbird will finally implement OpenPGP. Great! \o/
> 
> Unfortunately, Mozilla as usual have their own way... /o\
> 
> TB will store PGP-Keys without encryption - unless you use a master
> password. Which... must be entered on every start anyway.
> 
> One password for everything might seem comfortable, but doesn't that
> mean our keys will be kept in memory without any protection? Sounds like
> a terrible idea to keep sensitive information like this in a complex and
> most probably still buggy application like TB.
> 
> Enigmail asks for passphrases on demand and comes with a timeout option.
> Keys are protected by gpg, which also handles decryption, so it would
> never spit out any key data unless there's a bug in the pgp binary. With
> enigmail and gpg a memory leak in TB would not compromise your keys. Am
> I right? (Or is gpg executed in TB's address space?)
> 
> Looks like a certain loss of security to me.
> 
> Also, in the future we have to maintain two separate key storages,
> because TB has to have its Extrawurst*.
> 
> The web of trust is basically dead - but keysigning by all means is not.
> TB will replace enigmail before WoT functionality has been implemented.
> If ever.
> 
> ATM, this is the scariest change to deal with in the FOSS world.
> Please tell me I got it all wrong.

There is an advanced option for Thunderbird to delegate to an external
GnuPG installation to perform secret key operations, which is needed to
handle smartcards but also permits storing your own private key in gpg.

You'll still need to maintain public keys in Thunderbird's private
keystore, but the thing that gets protected with a password will be in
gpg and use the standard gpg unlock dialog.

-- 
Eli Schwartz
Arch Linux Bug Wrangler and Trusted User



signature.asc
Description: OpenPGP digital signature


[Enigmail] Enigmail, TB 78+ and security

2020-09-07 Thread lists
Hi all,

So, Thunderbird will finally implement OpenPGP. Great! \o/

Unfortunately, Mozilla as usual have their own way... /o\

TB will store PGP-Keys without encryption - unless you use a master
password. Which... must be entered on every start anyway.

One password for everything might seem comfortable, but doesn't that
mean our keys will be kept in memory without any protection? Sounds like
a terrible idea to keep sensitive information like this in a complex and
most probably still buggy application like TB.

Enigmail asks for passphrases on demand and comes with a timeout option.
Keys are protected by gpg, which also handles decryption, so it would
never spit out any key data unless there's a bug in the pgp binary. With
enigmail and gpg a memory leak in TB would not compromise your keys. Am
I right? (Or is gpg executed in TB's address space?)

Looks like a certain loss of security to me.

Also, in the future we have to maintain two separate key storages,
because TB has to have its Extrawurst*.

The web of trust is basically dead - but keysigning by all means is not.
TB will replace enigmail before WoT functionality has been implemented.
If ever.

ATM, this is the scariest change to deal with in the FOSS world.
Please tell me I got it all wrong.

d.



(* Funny German word for special treatment.)



Re: [Enigmail] OpenPGP & Thunderbird 78.2.0

2020-09-07 Thread Phil Kane
On 9/6/2020 11:35 PM, Patrick Brunschwig wrote:

> pEp for Thunderbird is not Enigmail. You won't receive an Enigmail
> version that will work with TB 78.

If that is the case, just what is pEp?  What does it replace?

== Phil Kane



Re: [Enigmail] OpenPGP & Thunderbird 78.2.0

2020-09-07 Thread Mark
Exactly my question...

On 9/7/2020 12:55 PM, Phil Kane wrote:
> On 9/6/2020 11:35 PM, Patrick Brunschwig wrote:
>
>> pEp for Thunderbird is not Enigmail. You won't receive an Enigmail
>> version that will work with TB 78.
> If that is the case, just what is pEp?  What does it replace?
>
> == Phil Kane


Re: [Enigmail] OpenPGP & Thunderbird 78.2.0

2020-09-07 Thread Onno Ekker

On 7 Sep 2020, at 17:54, Robert J. Hansen  wrote:
> 
> 
>> 
>> So then would it be legitimate to have a version of Enigmail that continued to 
>> work with TB 78? :)
> 
> Won't and can't exist.  Please stop asking.
> 
> We've given the reasons many, many times.  Originally, the Thunderbird user 
> interface was done using a Mozilla technology called XPCOM. Mozilla has since 
> abandoned XPCOM; moving forward, all extensions have to be written as 
> WebExtensions.
> 
> So all the XPCOM in Enigmail, the stuff that's accumulated over almost twenty 
> years of development?  None of it works any more.
> 
> Enigmail cannot be ported to TB78.  We would have to literally start over 
> rewriting the user interface in WebExtension.  The finished product would not 
> be Enigmail as you've come to know it: it would be something completely new 
> and different.
> 
> If you want to develop your own Enigmail successor as a WebExtension, knock 
> yourself out.  But please don't call it Enigmail.  :)

Maybe call it MailVelope? That’s a Firefox browser webextension that works in 
FX78 and higher for webmail (-:

Onno

smime.p7s
Description: S/MIME cryptographic signature


Re: [Enigmail] OpenPGP & Thunderbird 78.2.0

2020-09-07 Thread Robert J. Hansen
> So then would it be legitimate to have a version of Enigmail that continued
> to work with TB 78? :)


Won't and can't exist.  Please stop asking.

We've given the reasons many, many times.  Originally, the Thunderbird 
user interface was done using a Mozilla technology called XPCOM. 
Mozilla has since abandoned XPCOM; moving forward, all extensions have 
to be written as WebExtensions.


So all the XPCOM in Enigmail, the stuff that's accumulated over almost 
twenty years of development?  None of it works any more.


Enigmail cannot be ported to TB78.  We would have to literally start 
over rewriting the user interface in WebExtension.  The finished product 
would not be Enigmail as you've come to know it: it would be something 
completely new and different.


If you want to develop your own Enigmail successor as a WebExtension, 
knock yourself out.  But please don't call it Enigmail.  :)

