Mailing List Archive

Am Donnerstag 17 Februar 2022 17:35:53 schrieb Robert J. Hansen via
Gnupg-users:
> Thunderbird doesn't use GnuPG.

For some operations it still can (be configured to do so).
Anyway, we do have a wiki page for hints

https://wiki.gnupg.org/EMailClients/Thunderbird

> However, for those who do:
> apparently, Thunderbird is a big fan of attaching public certificates
> (and/or revocation certificates, for revoked keys) to outgoing emails
> for *every private certificate on your keyring*, regardless of whether
> that private key is actually associated with the account in question.
>
> This has the potential to leak personal information, especially if
> you're in a use case where you have two or more keys presenting
> different pseudonymous identities. Without knowing it, you might
> accidentally reveal you're the common actor behind both.

Sounds like a defect to me, do you have a problem report ticket with
Thunderbird or a forum entry which described the problem in more detail
(like which version is affected).

Overall I believe that attaching pubkeys (like autocrypt proposes) is not a
good idea (the arguments put forward elsewhere).

Thanks for your warning, what about if we put it on our wiki page?

Regards,
Bernhard

--
www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

> Overall I believe that attaching pubkeys (like autocrypt proposes) is not a
> good idea (the arguments put forward elsewhere).

For the record, Autocrypt does not attach public keys, it includes them in
headers. I concur that attaching public keys is a bad idea.

> apparently, Thunderbird is a big fan of attaching public certificates
> (and/or revocation certificates, for revoked keys) to outgoing emails
> for *every private certificate on your keyring*, regardless of whether
> that private key is actually associated with the account in question.

I haven't tested this myself but from a quick check with someone who uses
Thunderbird they couldn't verify this claim. Maybe this just happens on some
versions? Either way I wouldn't assume it's intended behavior.

- V

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

Hi Vincent,

Am Donnerstag 24 Februar 2022 13:27:08 schrieb Vincent Breitmoser via
Gnupg-users:
> > Overall I believe that attaching pubkeys (like autocrypt proposes) is not
> > a good idea (the arguments put forward elsewhere).
>
> For the record, Autocrypt does not attach public keys, it includes them in
> headers.

Thanks for the correction.

> I concur that attaching public keys is a bad idea.

I've meant that conveying the pubkey with each email is suboptimal,
may it be in the header, as attachment or elsewhere. This is what autocrypt
does if I remember correctly.

> I haven't tested this myself but from a quick check with someone who uses
> Thunderbird they couldn't verify this claim. Maybe this just happens on
> some versions? Either way I wouldn't assume it's intended behavior.

This is helpful information, I agree that we should have more specific
information because we can "warn" about the behaviour.
Do you know which version was tested by chance?

Best Regards,
Bernhard

--
www.intevation.de/~bernhard ? +49 541 33 508 3-3
Intevation GmbH, Osnabr?ck, DE; Amtsgericht Osnabr?ck, HRB 18998
Gesch?ftsf?hrer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

> Sounds like a defect to me, do you have a problem report ticket with
> Thunderbird or a forum entry which described the problem in more detail
> (like which version is affected).

It turns out the actual behavior is a little different than I originally
described. If you have a valid certificate with a given email address,
and a revoked certificate (or certificates) with that same email
address, it will silently add the revoked certificates, as well as the
valid one, to your email. This is still a bad idea.

On the other hand, Thunderbird now says it's a deliberate choice on
their part, so...

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

On 24/02/2022 16:59, Robert J. Hansen via Gnupg-users wrote:
>> Sounds like a defect to me, do you have a problem report ticket with
>> Thunderbird or a forum entry which described the problem in more detail
>> (like which version is affected).
>
> It turns out the actual behavior is a little different than I originally
> described.  If you have a valid certificate with a given email address,
> and a revoked certificate (or certificates) with that same email
> address, it will silently add the revoked certificates, as well as the
> valid one, to your email.  This is still a bad idea.

I can confirm this happened to me when I specifically ticked "Attach my
public key" in TB's composer - it also attached the revocation cert for
an ancient key that I still have in my keyring but never used for anything.

--
Andrew Gallagher

Am 24.02.2022 17:59, schrieb Robert J. Hansen via Gnupg-users:
>> Sounds like a defect to me, do you have a problem report ticket with
>> Thunderbird or a forum entry which described the problem in more
>> detail
>> (like which version is affected).
>
> It turns out the actual behavior is a little different than I
> originally described. If you have a valid certificate with a given
> email address, and a revoked certificate (or certificates) with that
> same email address, it will silently add the revoked certificates, as
> well as the valid one, to your email. This is still a bad idea.
>
> On the other hand, Thunderbird now says it's a deliberate choice on
> their part, so...

In one word: broken by design..... :-(


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

When I want to sign or encrypt a message, I am still a fan of writing it
out and performing these actions from within gpa, and then cutting and
pasting the encrypted text into my messages.

Any other method leaves you to trust third parties to handle your keys
responsibly which has been proven time and again unreliable, as is being
pointed out here.

No, it doesn't encrypt MIME data or attachments, and I feel like that is
desirable. I don't personally want my MIME data or signature to be
encrypted. They are predictable anyway and that is a major liability.
You can encrypt your attachments independently.

Unfortunately, Thunderbird has for a while now flagged "inline
encryption" as of questionable integrity, partly since the MIME data
isn't verifiable.

--
__ _ ____ _ ____ ____ _ _ _ __ _ ____
| \| |--| | |___ |--| |\/| | | \| |===

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users