227804 - ALLOW USAGE OF GPG/PGP KEYS **WITHOUT** CERTS

Status: RESOLVED INVALID

(Thunderbird :: Preferences, defect)

Description

[David McNab]

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031024 Galeon/1.3.10 (Debian package 1.3.10-2)
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031024 Galeon/1.3.10 (Debian package 1.3.10-2)

T'bird 0.4 is refusing to let me use my own GPG key for signing/decrypting, or
anyone else's key for encrypting/verifying.

If there was an option to turn off this 'compulsory certificates' thing, I'd
call it a feature. But IMO, the inability to use uncertified GPG keys at my
discretion is most definitely a bug.

T'bird 0.4 is otherwise nice - especially now that it has URL handling. But this
compulsory certificate thing is a deal-breaker for me, and has forced me to go
back to 0.3

Reproducible: Always

Steps to Reproduce:
1. Click Tools/Account Settings
2. On one of the existing accounts, click 'security'
3. Observe that t'bird does not allow you to use a GPG key - it instead demands
a certificate
Actual Results:  
T'bird fails to allow signing/encryption/decryption/verification

Expected Results:  
Thunderbird should support the 0.3 behaviour (with Enigmail), where you can use
uncertified GPG keys. Warning the user about dangers of uncertified keys (eg
MITM attack) is acceptable - IMO, refusing to use unsigned keys is not.

Comment 1

[Tobias Sager]

GPG should be PGP in summary.

Comment 2

[Heikki Toivonen (remove -bugzilla when emailing directly)]

Mozilla and Thunderbird do not do PGP. Enigmail does, but that is an extension. Please file extension bugs with the appropriate extension project. In this case, Enigmail, at http://enigmail.mozdev.org/

By the way, I also am an Enigmail user. Enigmail and Thunderbird (1.5) work fine for me.

Marking this as invalid.