Open Bug 1663116 Opened 1 year ago Updated 3 months ago

add support for autocrypt by default in Thunderbird


(MailNews Core :: Security: OpenPGP, enhancement)



(Not tracked)


(Reporter: martin.monperrus, Unassigned)



Autocrypt is a promising direction for disseminating end-to-end encryption in the email realm.

This issue collects ideas and feedback on adding support for autocrypt by default in Thunderbird


Duplicate of this bug: 1663117
Component: Security → Security: OpenPGP
Product: Thunderbird → MailNews Core

Today I also faced the problem with the update of thunderbird in debian. With thunderbird+enigmail I had working autocrypt which is broken since todays update. Now messages are sent unencrypted to contacts to whom the messages before have been encrypted.

I am a supporter of Autocrypt. As Monperrus correctly wrote in the OP, Autocrypt is mainly for "disseminating end-to-end encryption in the email realm".
In the Debian bug You linked, You wrote "sending sensitive information unencrypted while expected it being encrypted might be dangerous.".
Securing sensitive information is not the Autocrypt approach. Autocrypt follows the new perspective of opportunistic security: Encrypt if possible, otherwise send unencrypted, but make it easy for the mass of users to get encryption disseminated in a first step.

Nevertheless, I agree that if Autocrypt in TB 78 does less encryption than with Enigmail, this should be improved. Clear text is not wrong, but more encryption is better ;)

(In reply to Magnus Melin [:mkmelin] from comment #4)

xref bug 135636

OMG! Thank You all very much that You do Your great work on this other 19 year old bug (and KaiE astonishingly even commented in the bug already at that time). What a time journey, Netscape 4.x is referred to, what screenshots. Interestingly, opportunistic security was already an idea then.
Glad, that this topic is in hands of such professional, longstanding heroes.

I run TB86 as my daily email while I wait for essential functionality that was previously provided by plugins, such as Enigmail, to be either built into TB 78+ or enabled by less alienated developers. To keep up, I run TB daily on another box. There's some nice features (rational date/time formats YAY!) and while the core GPG support is starting to be usable, though there's a huge amount of work to be done before it comes close to matching the features of Enigmail, there's no support for autocrypt yet. Unfortunately, this is a core capability for an email client and unless/until web extensions supports the necessary hooks, the only options are to remain with TB 68 for daily use (me so far) or switch to Interlink Mail and News as we had to do when FireFox self-immolated and people who cared switched to Waterfox (or Chrome).

You need to log in before you can comment on or make changes to this bug.