Mailing List Archive

Hi Bernhard,

thanks for that page. I'm not using Thunderbird but I know many people
who do. In particular the option to turn off the annoying dots is very
useful.

I'm going to spread the link at least in our association and between
friends and colleagues. Did you toot the link through Mastodon as well
- I just failed to find and re-toot a correspondig content.

Regards,
Peter


On Thu, 2021-12-02 at 09:57 +0100, Bernhard Reiter wrote:
> Hi,
> just compiled a new wiki page with history and hints
> about using Thunderbird with OpenPGP/MIME.
>
>   https://wiki.gnupg.org/EMailClients/Thunderbird
>
> Mainly I've used information from the email list,
> but it also adds a conclusion how to deal with subject lines
> of email.
>
> Let me know how you like it.
>
> Regards,
> Bernhard
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

Hi Peter,

Am Donnerstag 02 Dezember 2021 17:35:17 schrieb Dr. Peter Voigt:
> thanks for that page. I'm not using Thunderbird but I know many people
> who do. In particular the option to turn off the annoying dots is very
> useful.

good to know that you think it is useful. :)

> Did you toot the link through Mastodon as well
> - I just failed to find and re-toot a correspondig content.

I didn't toot it so far.

First I wanted to gather some feedback, especially about the following
section, where I've added a recommendation what to use instead
of incompatible header encryption:


| Transport information in a decentral network - just like the writing on the
| outside of a postal mail envelope - cannot be protected in principle.
| When reflecting on this, chose a subject that is plausible in context,
| but without sensitive contents, to best veil potential unwanted observers.
| (Your thinking is right: The more sensitive this is, the more you have
| to build up a plausible context for your unavoidable traces first.)

(Also I've just improved the phrasing and spelling.)

Best Regards,
Bernhard


--
www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

Am 03.12.21 um 12:04 schrieb Bernhard Reiter:
> Hi Peter,
>
> Am Donnerstag 02 Dezember 2021 17:35:17 schrieb Dr. Peter Voigt:
>> thanks for that page. I'm not using Thunderbird but I know many people
>> who do. In particular the option to turn off the annoying dots is very
>> useful.
>
> good to know that you think it is useful. :)
No doubt it is useful. This three-dot-BS by default looks more like a
bug than a meaningful feature, IMO.

>
>> Did you toot the link through Mastodon as well
>> - I just failed to find and re-toot a correspondig content.
>
> I didn't toot it so far.
>
> First I wanted to gather some feedback, especially about the following
> section, where I've added a recommendation what to use instead
> of incompatible header encryption:
>
>
> | Transport information in a decentral network - just like the writing on the
> | outside of a postal mail envelope - cannot be protected in principle.
> | When reflecting on this, chose a subject that is plausible in context,
> | but without sensitive contents, to best veil potential unwanted observers.
> | (Your thinking is right: The more sensitive this is, the more you have
> | to build up a plausible context for your unavoidable traces first.)
>
This caters more to spies or people who have to be paranoid for an other
reason. And they will know already.

The average user, I guess, just wants to keep private communication
private. And what the subject reveals should in most cases be
negligible. So to me this paragraph seems a bit out of place.

> (Also I've just improved the phrasing and spelling.)
>
> Best Regards,
> Bernhard

Thanks for your time and effort!

Rainer

>
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

I was testing Thunderbird Daily 97.0a1 for a different purpose, but I
saw that you can disable the encryption of the subject in the settings
(in the category "End-to-end Encryption). Just added this information
to the wiki with a screenshot.

For me the encryption of the subject seemed to be an advantage because
the subject is some kind of meta information and meta information can
say very much about a person.

Greetings,
Christoph

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Am Freitag 03 Dezember 2021 13:52:19 schrieb Rainer Fiebig via Gnupg-users:
> Am 03.12.21 um 12:04 schrieb Bernhard Reiter:

> > of incompatible header encryption:
> > | Transport information in a decentral network - just like the writing on
> > | the outside of a postal mail envelope - cannot be protected in
> > | principle. When reflecting on this, chose a subject that is plausible
> > | in context, but without sensitive contents, to best veil potential
> > | unwanted observers. (Your thinking is right: The more sensitive this
> > | is, the more you have to build up a plausible context for your
> > | unavoidable traces first.)
>
> This caters more to spies or people who have to be paranoid for an other
> reason. And they will know already.

> The average user, I guess, just wants to keep private communication
> private. And what the subject reveals should in most cases be
> negligible. So to me this paragraph seems a bit out of place.

Okay, thanks for letting me know.
I've included it because many people feel that encrypting this part of the
meta data is a good idea and should be done for average users.

(As Christoph wrote Donnerstag 09 Dezember 2021 17:10:29:
| For me the encryption of the subject seemed to be an advantage because
| the subject is some kind of meta information and meta information can
| say very much about a person.
)

This clashes a bit with the confidentially improvement somebody may get
using a transport network that is not controlled by one entity and by
multiple indepentently implemented clients. For this I believe that all users
need to be aware of what is meta information and what is not.

My hypothesis is that people can deal with this in daily non-digital life
already, like considering what to talk about or display in a public or
semi-public place.

Anyway, next time I'll check that paragraph, I think how I can make the
connection in a better way.

Best Regards,
Bernhard


--
www.intevation.de/~bernhard ? +49 541 33 508 3-3
Intevation GmbH, Osnabr?ck, DE; Amtsgericht Osnabr?ck, HRB 18998
Gesch?ftsf?hrer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

On 03.12.2021 12:04, Bernhard Reiter wrote:
> First I wanted to gather some feedback, especially about the following
> section, where I've added a recommendation what to use instead
> of incompatible header encryption:
>
>
> | Transport information in a decentral network - just like the writing on the
> | outside of a postal mail envelope - cannot be protected in principle.
> | When reflecting on this, chose a subject that is plausible in context,
> | but without sensitive contents, to best veil potential unwanted observers.
> | (Your thinking is right: The more sensitive this is, the more you have
> | to build up a plausible context for your unavoidable traces first.)

I didn't read the wiki page yet, but I'd like to comment on that paragraph. I agree in part, but not completely. The idea is nice, but can't be realized in practice.

From my personal experience, it is very hard and consumes time to find appropriate subject lines. After all, when using OpenPGP in business, recipients invest 5 seconds per message at maximum when scanning the list of received messages to decide what message to read first. "Wrong" subject lines are not helpful in this context. That means that your suggestion may be valid for private communication, but not for business.

Rather, it is often good style and really simplifies things if some important (sensitive) data is in the subject line. As an example, imagine that you are communicating with your health insurance company. The staff there usually is very grateful if they see your insurance number in the subject line, plus a few keywords (in German, for example, "Kündigung", "Leistungsantrag" etc.). Not following this convention costs them time and effort and is bad style.

Apart from that, you'll have some trouble yourself with that strategy. Imagine you have to find a message you have sent two years ago. That could be hard if you have "faked" the subject lines. Furthermore, the recipient will hopefully answer your message one day, and will typically do this by just hitting the "Reply" button. That means the answer comes back with the same "fake" subject line you originally had chosen, and that game will continue until the communication on this subject has ceased. In the end, you have 50 sent messages and 50 received messages with a "wrong" subject line.

Your comparison with snail mail is the right way to understand the issue: Did you ever receive a letter from your health insurance which carried the actual subject on the *outside* of the *envelope* (example subject of a letter from your health insurance: "Payment for your HIV treatment")? I didn't, and I'll have a very serious talk with the sender if I ever do.

*Every* piece of data should be protected, especially in electronic communication, except the transportation data which technically is absolutely necessary to get the transport done. In the same way the postal service does not need to know the content of a letter (including the subject) to transport it from the sender to the recipient, SMTP servers do not need to know the subject to transport messages.

SMTP basically needs only the sender address (strictly looking at it, not even that, but it is important for bounces and replies) and the recipient address. Sad to say that SMTP servers usually dynamically add headers during transport which already can put somebody at risk, but I guess we'll have to live with that for the moment.

A subject line really does not fall into the category of transportation data. SMTP servers don't need to know it to transport the message, and it can (and in most cases, will) contain sensitive data. We shouldn't call something transportation data solely because it is in a header.

I am very grateful that we can finally encrypt the subject line with most OpenPGP implementations since several years. Actually, not being able to do this kept me from using PGP (in E-Mail) for a while. Now I always encrypt the subject line, and so do my communication partners. If there are MUAs out there which can't cope with that, refraining from encrypting the subject would be the wrong reaction. Instead, people using such a MUA should be educated to use another MUA. PGP implementations have undergone changes which were much more "breaking" than encrypted subject lines.

Best regards,

Binarus


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

On 2022-01-29 at 17:34 +0100, Binarus wrote:
> I didn't read the wiki page yet, but I'd like to comment on that
> paragraph. I agree in part, but not completely. The idea is nice, but
> can't be realized in practice.
>
> From my personal experience, it is very hard and consumes time to
> find appropriate subject lines. After all, when using OpenPGP in
> business, recipients invest 5 seconds per message at maximum when
> scanning the list of received messages to decide what message to read
> first. "Wrong" subject lines are not helpful in this context. That
> means that your suggestion may be valid for private communication,
> but not for business.
>
> Rather, it is often good style and really simplifies things if some
> important (sensitive) data is in the subject line. As an example,
> imagine that you are communicating with your health insurance
> company. The staff there usually is very grateful if they see your
> insurance number in the subject line, plus a few keywords (in German,
> for example, "Kündigung", "Leistungsantrag" etc.). Not following this
> convention costs them time and effort and is bad style.

How is it that *not* having the insurance number in the subject but
instead e.g. on the first line costs them time and effort?



> Apart from that, you'll have some trouble yourself with that
> strategy. Imagine you have to find a message you have sent two years
> ago. That could be hard if you have "faked" the subject lines.
> Furthermore, the recipient will hopefully answer your message one
> day, and will typically do this by just hitting the "Reply" button.
> That means the answer comes back with the same "fake" subject line
> you originally had chosen, and that game will continue until the
> communication on this subject has ceased. In the end, you have 50
> sent messages and 50 received messages with a "wrong" subject line.

I agree with this, though.


> Your comparison with snail mail is the right way to understand the
> issue: Did you ever receive a letter from your health insurance which
> carried the actual subject on the *outside* of the *envelope*
> (example subject of a letter from your health insurance: "Payment for
> your HIV treatment")? I didn't, and I'll have a very serious talk
> with the sender if I ever do.

That's a good example where it would be preferable to use a subject
like "Payment for your treatment". It's probably not really required to
specify in the subject line *which* kind of treatment it is. And that
broad topic is probably not revealing much for an email received from
"invoices@healthinsurance.com"


> *Every* piece of data should be protected, especially in electronic
> communication, except the transportation data which technically is
> absolutely necessary to get the transport done.

I agree on principle, but see below.


> In the same way the postal service does not need to know the content
> of a letter (including the subject) to transport it from the sender
> to the recipient, SMTP servers do not need to know the subject to
> transport messages.
>
> SMTP basically needs only the sender address (strictly looking at it,
> not even that, but it is important for bounces and replies) and the
> recipient address. Sad to say that SMTP servers usually dynamically
> add headers during transport which already can put somebody at risk,
> but I guess we'll have to live with that for the moment.
>
> A subject line really does not fall into the category of
> transportation data. SMTP servers don't need to know it to transport
> the message, and it can (and in most cases, will) contain sensitive
> data. We shouldn't call something transportation data solely because
> it is in a header.

Nothing in the email you receive is actually required. You could have a
Fully-Encrypted-Email-Messages, which on SMTP looked like:

MAIL FROM:<...>
RCPT TO:<lists@binarus.de>
DATA
-----BEGIN PGP MESSAGE-----

hF4DCPKrKdZYGfESAQdATlsTH4qB5t6wpjKRftCMhq4BqoFa28iMd1aIDZaq710w
...
-----END PGP MESSAGE-----
.
QUIT


No plaintext at all. (Well, some Received: headers would be added, plus
a Return-Path: ) You can even do that today.

Your problem is that no client supports it.



> I am very grateful that we can finally encrypt the subject line with
> most OpenPGP implementations since several years.

*Most* implementations? Could you list them? I would have thought that
there are still more implementations not supporting it than supporting.


> Actually, not being able to do this kept me from using PGP (in E-
> Mail) for a while. Now I always encrypt the subject line, and so do
> my communication partners.

That's fine if you know that the other side will be able to read it (or
you don't care if they cannot read it).


> If there are MUAs out there which can't cope with that, refraining
> from encrypting the subject would be the wrong reaction. Instead,
> people using such a MUA should be educated to use another MUA. PGP
> implementations have undergone changes which were much more
> "breaking" than encrypted subject lines.

Except there's no specification for that, so you can hardly blame them
for not supporting it. There was draft-autocrypt-lamps-protected-
headers, which expired 1.5 years ago.
https://www.ietf.org/archive/id/draft-autocrypt-lamps-protected-headers-02.txt


The more pressing issue, however, is that encrypting the subject
makes non-trivial some features that the users have become used to,
like listing the (decrypted) subjects of all your emails (as it now
requires decrypting $N emails, which needs fetching all of them from
the IMAP server, unlocking all the keys…).

It also somewhat obscures the advice that "anything in the headers of
the email is not protected", since it is now protected only
_sometimes_.


Best regards



_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

On Mon, 31 Jan 2022 01:09, Ángel said:

> Nothing in the email you receive is actually required. You could have a
> Fully-Encrypted-Email-Messages, which on SMTP looked like:
>
> MAIL FROM:<...>
> RCPT TO:<lists@binarus.de>
> DATA
>
>
> .
> QUIT
>
>
> No plaintext at all. (Well, some Received: headers would be added, plus
> a Return-Path: ) You can even do that today.
>
> Your problem is that no client supports it.

Your problem is that the entire business world would immediatley stop
grinding. Mail ist not just a toy for privacy geeks but the glue which
connects all kind of processes. If you don't need this just switch to
to your favorite chat protocol.


Shalom-Salam,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

Regarding "History" section of the page:
I always thought, that the main reason was the fact that not all features of GnuPG were fully supported on 64bit Windows at the time when Thunderbird's old add-ons mechanism was being deprecated (GPGME specifically). See for example https://admin.hostpoint.ch/pipermail/enigmail-users_enigmail.net/2020-August/005724.html and following reply from Werner stating that "Andre will include a 64 bit version of gpgme.dll into the next gpg4win release".
This is somewhat confirmed by https://blog.thunderbird.net/2020/09/openpgp-in-thunderbird-78/ which states "This change was necessary to provide a seamless and integrated experience to users on all platforms".
It seems to me that porting GPGME to 64bit Windows was much simpler task than developing whole PGP support from scratch, but in spite of this, that's what TB team seemed to use as 1 of their reasons...

BTW: the page https://gnupg.org/download/supported_systems.html still states "64 bit versions of Windows are NOT supported", which probably should be updated to instead link to gpg4win.org.

Cheers!

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users