Had those same concerns as there are a multitude of Mozilla master password decrypters out there. Plus keeping two key stores in sync could be problematic.
On 9/7/2020 12:57 PM, li...@datenritter.de wrote:
> Hi all,
>
> So, Thunderbird will finally implement OpenPGP. Great! \o/
>
> Unfortunately, Mozilla as usual have their own way... /o\
>
> TB will store PGP-Keys without encryption - unless you use a master
> password. Which... must be entered on every start anyway.
>
> One password for everything might seem comfortable, but doesn't that
> mean our keys will be kept in memory without any protection? Sounds like
> a terrible idea to keep sensitive information like this in a complex and
> most probably still buggy application like TB.
>
> Enigmail asks for passphrases on demand and comes with a timeout option.
> Keys are protected by gpg, which also handles decryption, so it would
> never spit out any key data unless there's a bug in the pgp binary. With
> enigmail and gpg a memory leak in TB would not compromise your keys. Am
> I right? (Or is gpg executed in TB's address space?)
>
> Looks like a certain loss of security to me.
>
> Also, in the future we have to maintain two separate key storages,
> because TB has to have its Extrawurst*.
>
> The web of trust is basically dead - but keysigning by all means is not.
> TB will replace enigmail before WoT functionality has been implemented.
> If ever.
>
> ATM, this is the scariest change to deal with in the FOSS world.
> Please tell me I got it all wrong.
>
> d.
>
> (* Funny German word for special treatment.)

_______________________________________________
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net