Provde Axolotl as email encryption

UNCONFIRMED
Unassigned

Status

Thunderbird
Security
--
enhancement
UNCONFIRMED
3 years ago
2 years ago

People

(Reporter: Ruben, Unassigned)

Tracking

36 Branch
x86
Linux

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

3 years ago
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:36.0) Gecko/20100101 Firefox/36.0
Build ID: 20150224133811

Steps to reproduce:

I use PGP with Enigmail and SMIME a lot and try to convince others to start exchanging encrypted mails with me.


Actual results:

Many not so experienced users think it is far too complicated or tend to loose their keys when reinstalling OS and so on...


Expected results:

Encryption should be easy to install and easy to use without special knowledge.

Axolotl Ratchet  is used by Textsecure and is an enhanced version of OTR in a way to make it suitable for mobile applications, which has the probability to encrypt messages without both parties to have to be online at the same time as described here. The key exchange is happening asynchronously.
TextSecure also solves a couple of other issues, like out-of-order decryption and preventing metadata to be leaked through cleartexts.

This sounds to me perfect as a replacement for PGP, which is lacking Forward secrecy (PFS) and some other issues.

Please create a plugin that uses axolotl encryption for email communication.

Updated

3 years ago
Component: Untriaged → Security

Updated

2 years ago
Severity: normal → enhancement

Comment 1

2 years ago
https://en.wikipedia.org/wiki/Double_Ratchet_Algorithm doesn't seem to be very popular
Summary: Create a Thunderbird plugin to use Axolotl as email encryption → Provde Axolotl as email encryption
You need to log in before you can comment on or make changes to this bug.