Open Bug 1140409 Opened 9 years ago Updated 2 years ago

Provde Axolotl as email encryption

Categories

(Thunderbird :: Security, enhancement)

Product:
Thunderbird
Component:
Security
Version:
36 Branch
Platform:
x86
Linux
Type:
enhancement

Tracking

(Not tracked)

Status:
UNCONFIRMED

People

(Reporter: mozilla, Unassigned)

References

(
URL
)

Details

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:36.0) Gecko/20100101 Firefox/36.0
Build ID: 20150224133811

Steps to reproduce:

I use PGP with Enigmail and SMIME a lot and try to convince others to start exchanging encrypted mails with me.


Actual results:

Many not so experienced users think it is far too complicated or tend to loose their keys when reinstalling OS and so on...


Expected results:

Encryption should be easy to install and easy to use without special knowledge.

Axolotl Ratchet  is used by Textsecure and is an enhanced version of OTR in a way to make it suitable for mobile applications, which has the probability to encrypt messages without both parties to have to be online at the same time as described here. The key exchange is happening asynchronously.
TextSecure also solves a couple of other issues, like out-of-order decryption and preventing metadata to be leaked through cleartexts.

This sounds to me perfect as a replacement for PGP, which is lacking Forward secrecy (PFS) and some other issues.

Please create a plugin that uses axolotl encryption for email communication.
Component: Untriaged → Security
Severity: normal → enhancement
https://en.wikipedia.org/wiki/Double_Ratchet_Algorithm doesn't seem to be very popular
URL: https://en.wikipedia.org/wiki/Double_...
Summary: Create a Thunderbird plugin to use Axolotl as email encryption → Provde Axolotl as email encryption
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.