Native PGP support in ThunderBird

miriam
2013-08-05
2013-08-06
  • miriam

    miriam - 2013-08-05

    In the light of the recent events , are there plans to merge this lovely extension to the thunderbird core, so it will be more appealing for the users?
    I see it has been converted to be more portable and have less binary code already.
    It is a unneccessary burden if people have to install TB AND gpg AND enigmail to encrypt their e-mails safely.
    It could lead to more people using safe emails if it would be running in their e-mail software by default.

     
  • Patrick Brunschwig

    Whether or not Enigmail is part of Thunderbird is up to the Thunderbird product team, the Enigmail team has no influence on this. The initial request for doing so is more than 10 years old ...

    However, I'm planning to simplify the installation of GnuPG, i.e. to offer to download and install GnuPG as part of the Enigmail setup process. It's currently work in progress but not yet testable.

     
  • miriam

    miriam - 2013-08-05

    Since TB is a community development thing these days all one gets for asking is "only if someone of the community will do it", so how about the developers of enigmail?
    They seem to be the best choice to do it, or am i missing something here?

     
  • Ludwig Hügelschäfer

    If "built in" was the decisive argument, then lots of people would use the S/MIME encryption standard built in TB. Free certificates are available.

    But things are not so easy: Encryption is quite a challenge for all not having a education with technical/mathematical background. Reading our mailing list and this support forum for a while proves this.

     
  • miriam

    miriam - 2013-08-05

    well maybe the argumentation is not as solid as i thought it would be. It is my personal opinion after all, but i think this is the best place to ask for work on https://bugzilla.mozilla.org/show_bug.cgi?id=22687
    which so far nobody really started on.
    Who else than those that already deal with both TB and pgp are suited to make it both usable and working?

     
  • Ludwig Hügelschäfer

    Part of this bug is about integrating the GUI - which is Enigmail - and feasible, I think. Somebody - probably our team - would be responsible to fix bugs within this component and adapt to future design/API changes.

    But: this bug is also about integrating the cryptographic functions of the gnupg suite into Thunderbird. This I regard as completely impossible given the limited resources, especially as Mozilla has dramatically cut funding of Thunderbird development about a year ago. Who should do the maintenance? Who would adapt this code and keep up with gnupg development? Would this code be as reputable as the original gnupg code? This all requires manpower neither volunteer Thunderbird developers nor the Enigmail team can provide.

    I therefore much appreciate the way Patrick has chosen: If after Enigmail installation no gnupg can be found, it will offer to download the suitable gnupg installer for the specific platform and execute it. This is pragmatic and can be done today, using our resources.

     
  • miriam

    miriam - 2013-08-05

    Well, it could be a joined effort in two steps:
    1) Get rid of Enigmail as a plugin and merge the userinterface into Thunderbird while still using external gpg
    I guess you will be adapting to gpg changes in enigmail either way, be it as plugin or coreside

    2) get in touch with http://openpgpjs.org/ /http://www.mail-archive.com/list@openpgpjs.org/info.html /https://github.com/openpgpjs/openpgpjs/

    or http://www.hanewin.net/encrypt/

    and see if you can bring that code in and solve the bug completely.

     
    Last edit: miriam 2013-08-05
  • Patrick Brunschwig

    Mozilla bug 22687 dates back to 1999, it is ca. 14 years old. Several attempts were made from my side to have Enigmail integrated in one way or the other into Thunderbird, and they were all rejected for various reasons. This was before Mozilla was a profit-oriented company and also later. Even today, there are still a few people from Mozilla who take the product responsibility. You'd have to convince them to integrate OpenPGP into the product, not us here.

    The problem is not so much the openpgp library to use - you could just as well integrate libgcrypt into Thunderbird.

    To make it fully clear: I won't do anything pro-actively into this direction anymore. I don't have as much time as I used to have 7 or 10 years ago, so I won't work on this.

     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks