Mailing List Archive

Suggestions to Thunderbird users
> I haven't tested this myself but from a quick check with someone who uses
> Thunderbird they couldn't verify this claim. Maybe this just happens on some
> versions? Either way I wouldn't assume it's intended behavior.

Other than an annoying inability to turn off "by default"
attachment of public key and signing each encrypted message,
I did not notice this behaviour.

Thunderbird is by far the best openPGP cross-platform
mail-client application around. However, my suggestion to
Thunderbird mail encryption users is to avoid any
"gnupg integration". In particular:

- If you really need to import some gnupg generated keys into
Thunderbird, clean them of any WOT crud first and treat that
as a one-way, one-time copy/transfer. A much better approach
is to consider the public/private key pair as an e-mail
address/application specific item, generated directly in,
and used only by Thunderbird.

- Devise your own method of getting public keys into the hands of
your correspondents and of their authentication and termination.

- Even if you use a mail attachment to initially send a public key
to a correspondent, remember to turn off the default "attach key"
for all subsequent messages. Likewise, do not sign messages by
default, but only when there is a good reason to do so.

- If at all possible, do not depend on Thunderbird to protect
your private key; instead, place your complete mail profile
directory hierarchy in an encrypted container.

With the above, and due to its popularity, Thunderbird has a
reasonable chance to increase that minuscule fraction of
encrypted e-mails.




_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users