Am 31.05.2020 um 12:35 schrieb Patrick Brunschwig: > Andreas Boehlk Computer-Service wrote on 31.05.2020 11:09: >> Hello Patrick, >> >> >> Am 31.05.2020 um 10:01 schrieb Patrick Brunschwig: >>> Mark wrote on 31.05.2020 01:28: >>>> Doesn't TB also need your secret keys to decrypt messages? >>> >>> With smartcard support via GnuPG, all secret key operations are handled >>> by GnuPG, and all public key operations are handled by TB (Note: the >>> standard case, without smartcard support, will be that all keys are in >>> Thunderbird). >>> >>> The use-cases are clearly distinct: >>> - encryption: you only need public keys >>> - decryption: you only need secret keys >>> - signing: you only need secret keys >>> - verification: you only need public keys >>> >> The standard user will not be able to work with that "solution". >> Compared to the "enigmail-solution" this is the hell and bound to fail. > > Let's first define Standard users. The majority of users who use > smartcards that *I* know are expert or power users. They can handle this. > > The "Standard users" I have in mind don't use GnuPG for anything else > than encrypting mails, and they don't use smartcards either. They won't > have this issue in any way. > >>>> Also what if you need your public keys outside of TB such as encrypting >>>> a file? >>> >>> That's not supported by Thunderbird. The idea of OpenPGP in Thunderbird >>> is that you use it for email. >>> >> That is correct, but nevertheless it is mandatory to have and use a >> single key-store. > > For which use-case precisely? If you only use OpenPGP for emails (and > given the users I know who had support cases in the past, this is true > for the majority of the Enigmail users), then this is irrelevant. > The use cases are clear and I myself and some of my clients use them. And when I speak from my point of view it is enough work to take care of one key store and I personally do not want to have a second one; and this second one has to be synchronized on every single endpoint as well. That is twice the work.
> To be quite clear: Thunderbird will not support GnuPG for scenarios > other than handling secret keys. And that's only because the OpenPGP > library they use can't handle smartcards yet. Once the library will > support smartcards, I expect that GnuPG support will be removed entirely. > From then on PGP and the second key store will be mandatory for the purpose of signing and decrypting. > Note: I'm not a Thunderbird developer and I don't drive Thunderbird > decisions -- this is simply my expectation of what will happen. > Yes, I got that of course. It is just my lack of understanding TB's decision to not trying to adapt a running system in a proper way. > -Patrick > Andreas
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
