Hi all,

So, Thunderbird will finally implement OpenPGP. Great! \o/

Unfortunately, Mozilla as usual have their own way... /o\

TB will store PGP-Keys without encryption - unless you use a master
password. Which... must be entered on every start anyway.

One password for everything might seem comfortable, but doesn't that
mean our keys will be kept in memory without any protection? Sounds like
a terrible idea to keep sensitive information like this in a complex and
most probably still buggy application like TB.

Enigmail asks for passphrases on demand and comes with a timeout option.
Keys are protected by gpg, which also handles decryption, so it would
never spit out any key data unless there's a bug in the pgp binary. With
enigmail and gpg a memory leak in TB would not compromise your keys. Am
I right? (Or is gpg executed in TB's address space?)

Looks like a certain loss of security to me.

Also, in the future we have to maintain two separate key storages,
because TB has to have its Extrawurst*.

The web of trust is basically dead - but keysigning by all means is not.
TB will replace enigmail before WoT functionality has been implemented.
If ever.

ATM, this is the scariest change to deal with in the FOSS world.
Please tell me I got it all wrong.

d.



(* Funny German word for special treatment.)

_______________________________________________
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
