Closed
Bug 876212
Opened 11 years ago
Closed 11 years ago
implement OTR encryption into emails
Categories
(Thunderbird :: Security, defect)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: mozilla, Unassigned)
Details
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:21.0) Gecko/20100101 Firefox/21.0 (Beta/Release) Build ID: 20130512194354 Steps to reproduce: I tried to convince my contacts to encrypt our messages. Actual results: This is nearly impossible, because both: SMIME and PGP-Enigmail are not simple enough to be made for everybody. You need to have some little computer skills to manage to encrypt your mails. Expected results: There must be a simple solution available like OTR ("Off The Record") encryption for instant messaging. The keys should be automatically exchanged without verification at first. This way email encryption would be possible without any knowledge. In a second step: if you want to be sure that it is really the right person, you can verify the identity manually. But this second step is optional. The most important thing would be, that encryption starts automatically without the user have to configure anything. Only this way you convince a large percentage of your contacts.
Updated•11 years ago
|
Component: Untriaged → Security
Comment 1•11 years ago
|
||
The work involved in setting up S/MIME and PGP may be difficult, but the answer is not to unilaterally construct a new protocol. Such an action would do a great disservice to our users, especially as I don't think we have any security experts on hand who have the time to ensure that the protocol is actually secure. And, for what it's worth, encryption without verification is as insecure as no encryption in today's email system. Verifiability is *not* an optional security step. As a result, this is WONTFIX. If you have a specific protocol description in mind (and at least as detailed as an RFC), please open a new bug to discuss implementation.
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•