Am Donnerstag 17 Februar 2022 17:35:53 schrieb Robert J. Hansen via Gnupg-users: > Thunderbird doesn't use GnuPG.
For some operations it still can (be configured to do so). Anyway, we do have a wiki page for hints https://wiki.gnupg.org/EMailClients/Thunderbird > However, for those who do: > apparently, Thunderbird is a big fan of attaching public certificates > (and/or revocation certificates, for revoked keys) to outgoing emails > for *every private certificate on your keyring*, regardless of whether > that private key is actually associated with the account in question. > > This has the potential to leak personal information, especially if > you're in a use case where you have two or more keys presenting > different pseudonymous identities. Without knowing it, you might > accidentally reveal you're the common actor behind both. Sounds like a defect to me, do you have a problem report ticket with Thunderbird or a forum entry which described the problem in more detail (like which version is affected). Overall I believe that attaching pubkeys (like autocrypt proposes) is not a good idea (the arguments put forward elsewhere). Thanks for your warning, what about if we put it on our wiki page? Regards, Bernhard -- www.intevation.de/~bernhard +49 541 33 508 3-3 Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998 Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
