Re: [Enigmail] Missing features for Enigmail
On Wed 2018-01-24 16:11:58 -0500, Jean-David Beyer wrote: > On 01/24/2018 10:17 AM, Neil D. Donovan wrote: >> 2) Automatic decryption of received encrypted emails to the folder on >> the email server > > If I were sending you an encrypted e-mail, I presume I wish you to be > able to read it, but I surely would not wanting you to share its > contents with anyone else. So if I knew you would even be storing the > decrypted version of my email anywhere else I agree with this sentiment. Storing the cleartext (or cleartext-equivalent) on a remote untrusted server, or someplace that makes it easy to get to, seems like a bad idea, and a loss of end-to-end security that the sender is likely to expect. That said… > (or even on your own computer) i think this goes too far. Even in the most tightly-controlled end-to-end scenario, my own computer is going to see a cleartext version of this message. Whether my computer sees it briefly, or for a longer period of time, the local user's endpoint still has access to it. Given that there can be serious user experience wins from having a locally-cached cleartext copy (or the equivalent, e.g. an index), it seems like a bad idea to discourage people from using encrypted mail. wouldn't you rather that they have an incentive to use encrypted mail *more*, rather than falling back to cleartext? --dkg signature.asc Description: PGP signature ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] Missing features for Enigmail
Hi, Neil D. Donovan: > 2) Automatic decryption of received encrypted emails to the folder on > the email server as already noted, you can achieve that using the "Message Filters" (Tools->Message Filters, Filter Rules: Select "Decrypt permanently (Enigmail)" under "Perform these actions"). If you do so, you should make sure that _at least_ the emails are stored on an encrypted drive, e.g. using LUKS on GNU/Linux. You likely cannot guarantee that for your email provider, so I would strongly advise against that. However, I can understand your motivation and have personally solved it slightly different: - Emails of the past months up to ~1 year are kept always in their original form (GPG encrypted) - Every ~1 year, I put my emails into my personal/local archive, i.e. - use the Message Filters to permanently decrypt the emails - save/move them to a local directory (the archive) - the archive is a NAS with LUKS encrypted drives as well as my LUKS encrypted laptop (in case the NAS is unavailable to me) - delete the (still encrypted) emails on the Email server Thus, the emails are never stored persistently in the clear. For me (your mileage may vary), this is a good trade-off between having GPG-encrypted emails available for my day-to-day work (because it's day-to-day I roughly remember which one is relevant) and decommissioning keys and passphrases. This also saves me from the pressure to remember passphrases of old keys indefinitely, which I likely did not need and use for a long time. Cheers, ~flapflap ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] Missing features for Enigmail
On 01/24/2018 10:17 AM, Neil D. Donovan wrote: > 2) Automatic decryption of received encrypted emails to the folder on > the email server If I were sending you an encrypted e-mail, I presume I wish you to be able to read it, but I surely would not wanting you to share its contents with anyone else. So if I knew you would even be storing the decrypted version of my email anywhere else (or even on your own computer), I would no longer need to send you any encrypted mail because I could not trust you to keep it secret. I know there is nothing enigmail, or even gpg2, do to prevent untrustworthy behavior on your part, but why should they make it even easier for you to do this? Even if I trust _you_ to keep my secrets, why should I trust some server somewhere (perhaps even in the cloud) to keep them? -- .~. Jean-David Beyer Registered Linux User 85642. /V\ PGP-Key:166D840A 0C610C8B Registered Machine 1935521. /( )\ Shrewsbury, New Jerseyhttp://linuxcounter.net ^^-^^ 16:05:01 up 20 days, 16:27, 2 users, load average: 5.14, 4.70, 4.79 ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] Missing features for Enigmail
On 24.01.18 16:17, Neil D. Donovan wrote: > Dr. Christian Ruth, > > I looked around on my installation of Enigmail (a computer with Windows > 10, GPG4Win, and Thunderbird) to see if I could find the features you > mention. > > 1) Importing public keys from a file: > > From the main Thunderbird screen, choose Enigmail > Key Management > > File > Import Keys From File > > 2) Automatic decryption of received encrypted emails to the folder on > the email server > > Note: I have never tried the following solution, so consider my answer > here a total guess. Note too that I do not use IMAP for email; I use POP. > > There is a feature in Thunderbird called "Message Filters" with which I > can move my decrypted emails to any Thunderbird folder I wish. Perhaps > it might be possible to create a Network Share under the Thunderbird > "Local Folders" that maps to a folder on the email server? If so, then > one could move his decrypted emails that that Share. ...Again ...just a > guess. you can also specify to have the decrypted mail saved to the Inbox on the IMAP server. -Patrick signature.asc Description: OpenPGP digital signature ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
