Size: 3687
Comment: improve section about switching off the dots
|
Size: 3852
Comment: improve phrasing in the first section
|
Deletions are marked like this. | Additions are marked like this. |
Line 10: | Line 10: |
rest of the operating system and other applications that are using GnuPG. They have an [[https://support.mozilla.org/en-US/kb/openpgp-thunderbird-howto-and-faq|FAQ]]. Some abilities that GnuPG provides are missing, e.g. handling of hardware tokens like smardcards or usb devices. |
rest of the operating system and other applications that are using GnuPG for example. Some abilities that GnuPG provides are missing, e.g. handling of hardware tokens like smardcards or usb devices. |
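Review bot: the replacement text for Line 10 still carries the typo "smardcards" and the lowercase "usb"; since this revision is about phrasing, correct them to "smartcards" and "USB" in the same edit. The trailing "that are using GnuPG for example" is also ambiguous about what the example refers to; "such as those using GnuPG" would attach it to the applications.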
Line 15: | Line 13: |
Thunderbird can still enable to use the system's GnuPG installation | Thunderbird can still be configured to use a system's GnuPG installation |
Line 18: | Line 16: |
The Thunderbird people have an [[https://support.mozilla.org/en-US/kb/openpgp-thunderbird-howto-and-faq|FAQ about the new OpenPGP support]]. |
|
Line 24: | Line 24: |
[[https://lists.gnupg.org/pipermail/gnupg-users/2019-October/062782.html|explanation of Enigmail's maintainer]]. Enigmail's support for this version stopped 2021-10-31. | [[https://lists.gnupg.org/pipermail/gnupg-users/2019-October/062782.html|explanation of Enigmail's maintainer]]. Enigmail's support for this version [[https://www.enigmail.net/index.php/en/home/news/71-2021-08-31-end-of-support-for-thunderbird|stopped 2021-10-01]]. |
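Review bot: the Line 24 change alters a stated fact, the end-of-support date (2021-10-31 becomes 2021-10-01), but the revision comment only says "improve phrasing in the first section". Mention the date correction and its new source link in the comment so the change can be found later in the page history.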
Thunderbird (since version 78, first released 2020-07) implements its own OpenPGP/MIME support, using the libraries RNP (https://github.com/rnpgp/rnp) and Botan.
The main advantage for Thunderbird users is that they do not have to install an additional application like Gpg4win on Windows. The main drawback is that Thunderbird handles key material on its own, separate from the rest of the operating system and from other applications, for example those that use GnuPG. Some abilities that GnuPG provides are missing, e.g. handling of hardware tokens like smartcards or USB devices.
Thunderbird can still be configured to use a system's GnuPG installation for private key operations, see https://wiki.mozilla.org/Thunderbird:OpenPGP:Smartcards .
The Thunderbird people have an FAQ about the new OpenPGP support (https://support.mozilla.org/en-US/kb/openpgp-thunderbird-howto-and-faq).
History
Until version 68 (last release 2020-10), Thunderbird did not include OpenPGP/MIME functionality, but one could use Enigmail, which used GnuPG. A necessary and large change in how browser extensions can be implemented made Enigmail's technical implementation unfit for newer versions. See the explanation of Enigmail's maintainer (https://lists.gnupg.org/pipermail/gnupg-users/2019-October/062782.html). Enigmail's support for this version stopped 2021-10-01 (https://www.enigmail.net/index.php/en/home/news/71-2021-08-31-end-of-support-for-thunderbird).
It is not publicly known what the main reasons were for doing a new implementation instead of using GnuPG (and Gpg4win). One Mozilla developer raised licensing issues, but other people have pointed out that GPGME is GNU LGPL and the GNU GPL of GnuPG itself allows for a combined distribution of Thunderbird and GnuPG.
Previously, in 1999 and 2005, Mozilla declined to include (already implemented) OpenPGP/MIME functionality because they preferred S/MIME, according to Werner Koch.
Hints
Switch off the dots in subjects (incompatible subject header encryption)
Unfortunately, Thunderbird implemented an experimental way of trying to protect the subject header line of an email that is not backwards compatible but is enabled by default.
As a result, many other email clients will just show three dots (...) as the subject, where the sender had entered information.
We recommend switching it off. This can be done with a hidden option since Thunderbird 78.5.1, see https://support.mozilla.org/en-US/questions/1304451#answer-1375985 .
Transport information in a decentralized network, just like the writing on the outside of a postal mail envelope, cannot be protected in principle. When reflecting on this, choose a subject that is plausible in context, but without sensitive contents, to best veil it from potential unwanted observers. (Your thinking is right: the more sensitive this is, the more you have to build up a plausible context for your unavoidable traces first.)
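To check whether encrypted mails still go out with the three-dots subject described above (for instance after changing the setting), the following added example flags OpenPGP/MIME messages whose outer Subject is only the placeholder. It is not part of this wiki page or of Thunderbird; the function names, addresses and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.header import decode_header, make_header

PLACEHOLDER = "..."  # what other clients display instead of the real subject


def is_pgp_mime_encrypted(msg):
    """True for an OpenPGP/MIME (RFC 3156) encrypted message."""
    if msg.get_content_type() != "multipart/encrypted":
        return False
    protocol = msg.get_param("protocol") or ""
    return protocol.lower() == "application/pgp-encrypted"


def outer_subject(msg):
    """Decode the unprotected outer Subject, including RFC 2047 encoded words."""
    return str(make_header(decode_header(msg.get("Subject", "")))).strip()


def has_hidden_subject(raw_message):
    """Encrypted message whose visible subject is only the placeholder."""
    msg = message_from_string(raw_message)
    return is_pgp_mime_encrypted(msg) and outer_subject(msg) == PLACEHOLDER


def sample(subject):
    """Constructed OpenPGP/MIME skeleton; the body holds no real ciphertext."""
    return (
        "From: alice@example.org\r\nTo: bob@example.org\r\n"
        f"Subject: {subject}\r\nMIME-Version: 1.0\r\n"
        "Content-Type: multipart/encrypted;"
        ' protocol="application/pgp-encrypted"; boundary="b1"\r\n\r\n'
        "--b1\r\nContent-Type: application/pgp-encrypted\r\n\r\nVersion: 1\r\n"
        "--b1\r\nContent-Type: application/octet-stream\r\n\r\n"
        "(constructed placeholder)\r\n--b1--\r\n"
    )


# Constructed unencrypted mail that merely has "..." as its subject.
PLAIN = "From: alice@example.org\r\nSubject: ...\r\n\r\nHello\r\n"

if __name__ == "__main__":
    cases = {"protected": sample("..."), "readable": sample("Lunch on Tuesday"),
             "plain": PLAIN}
    for name, raw in cases.items():
        print(name, has_hidden_subject(raw))
```

Run over a folder of sent mail, a `True` result means recipients using other clients will see only the dots for that message.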
Details
For version 91 (checked 2021-12-02) the FAQ still states that the encryption cannot be disabled in the GUI: https://support.mozilla.org/en-US/kb/openpgp-thunderbird-howto-and-faq#w_can-i-disable-the-encryption-of-the-email-subject
For the reasoning why Thunderbird's implementation is suboptimal, see January to March 2021 on gnupg-users, e.g.