Integrate and automate certificate generation and check



3 years ago
3 years ago


(Reporter: hartnegg, Unassigned)


38 Branch

Firefox Tracking Flags

(Not tracked)




3 years ago
Currently obtaining a free S/MIME certificate is possible, and requires only proving that one can receive emails for a certain address

But it is way to complicated, requires Firefox, export, import, configure.

Please integreate it into Thunderbird and (in cooperation with a certificate issuer) make it fully automatic, such that the user just has to click a button "create certificate for this address", and a few seconds later click on a link in an incoming email.

Comment 1

3 years ago
And to make such cheap certificates more secure, create a variant which sends not just one, but several emails spread over a month or two, and require the user to click the link in each of them. It is much less likely that an email account is compromized over an extended period of time. An attacker can easily get a mobile phone under control for a few minutes, but not plannable several times over an extended period, at different weekdays and different times of day. Eventually the legitimate user would get one of these emails and would notice what is going on, making it much less likely that such a certificate can be obtained by somebody else.

Comment 2

3 years ago
I know we are interested in investigating approaches to making secure email easier to use. The problem is always in the details, as your comment 1 starts to get into.
Component: Untriaged → Security
Ever confirmed: true
You need to log in before you can comment on or make changes to this bug.