I haven't tested this myself, but from a quick check with someone who uses Thunderbird, they couldn't verify this claim. Maybe this just happens on some versions? Either way, I wouldn't assume it's intended behavior.
Other than an annoying inability to turn off "by default" attachment of public key and signing each encrypted message, I did not notice this behaviour. Thunderbird is by far the best openPGP cross-platform mail-client application around. However, my suggestion to Thunderbird mail encryption users is to avoid any "gnupg integration". In particular:

- If you really need to import some gnupg generated keys into Thunderbird, clean them of any WOT crud first and treat that as a one-way, one-time copy/transfer. A much better approach is to consider the public/private key pair as an e-mail address/application specific item, generated directly in, and used only by Thunderbird.
- Devise your own method of getting public keys into the hands of your correspondents and of their authentication and termination.
- Even if you use a mail attachment to initially send a public key to a correspondent, remember to turn off default "attach key" for all subsequent messages. Likewise, do not sign messages by default, but only when there is a good reason to do so.
- If at all possible, do not depend on Thunderbird to protect your private key; instead, place your complete mail profile directory hierarchy in an encrypted container.

With the above, and due to its popularity, Thunderbird has a reasonable chance to increase that minuscule fraction of encrypted e-mails.