I have enabled default=signed for e-mails; however, for that specific e-mail, I explicitly de-selected signature.
Additionally, I never have enabled Autocrypt.
Finally, it's weird that there's nothing "Autocrypt" related on the main settings, and they are only on per-account settings.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Autocrypt is a proposed standard for email cryptography. Software
conforming to the Autocrypt standard agrees to package emails in a
specific way, to handle key distribution a specific way, and so on, in
order to make the experience as painless as possible for the end-user.
Part of the Autocrypt standard involves putting in the header a line
about Autocrypt. By putting it in the header, the people with whom you
correspond never have to care about Autocrypt -- but if they're using an
Autocrypt-enabled email client, their email client will know, and will
be able to do the appropriate things.
Enigmail was one of the first, if not the first, Autocrypt-compliant
email client. :)
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
If you don't want to advertise that, don't use Enigmail. The moment
anyone sees an Enigmail header in your email they're going to know
you're Autocrypt-capable. Then they're going to start wondering why
you've taken pains to hide the Autocrypt headers. :)
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Your correspondents -- at least those using an Autocrypt-capable client
-- will still benefit from seeing that you're using Autocrypt, and that
they may use it to communicate back to you.
Does Enigmail have to touch everything, regardless of being asked to
stand down? 😕
I don't understand why you're so concerned that an Autocrypt-conformant
email client is going to behave like, well... an Autocrypt-conformant
email client.
If you don't like Autocrypt, that's fine: but in that case, you perhaps
should be using something other than Enigmail. :)
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Yes it does. The idea is that this helps exchange the keys such that you can encrypt emails with people even if you didn't know they are using OpenPGP encryption.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hello there,
I recently found these headers on my e-mail:
And I am wondering where do they come from.
I have enabled default=signed for e-mails; however, for that specific e-mail, I explicitly de-selected signature.
Additionally, I never have enabled Autocrypt.
Finally, it's weird that there's nothing "Autocrypt" related on the main settings, and they are only on per-account settings.
Autocrypt is a proposed standard for email cryptography. Software
conforming to the Autocrypt standard agrees to package emails in a
specific way, to handle key distribution a specific way, and so on, in
order to make the experience as painless as possible for the end-user.
Part of the Autocrypt standard involves putting in the header a line
about Autocrypt. By putting it in the header, the people with whom you
correspond never have to care about Autocrypt -- but if they're using an
Autocrypt-enabled email client, their email client will know, and will
be able to do the appropriate things.
Enigmail was one of the first, if not the first, Autocrypt-compliant
email client. :)
Thank you for the tl;dr rundown (it should be in a FAQ, if not already).
However, my question is "what if I don't want to advertise that?". "... by default?", "... without a global on/off flag?"
If you don't want to advertise that, don't use Enigmail. The moment
anyone sees an Enigmail header in your email they're going to know
you're Autocrypt-capable. Then they're going to start wondering why
you've taken pains to hide the Autocrypt headers. :)
What if this is an e-mail I didn't sign?
Does Enigmail have to touch everything, regardless of being asked to stand down? 😕
Your correspondents -- at least those using an Autocrypt-capable client
-- will still benefit from seeing that you're using Autocrypt, and that
they may use it to communicate back to you.
I don't understand why you're so concerned that an Autocrypt-conformant
email client is going to behave like, well... an Autocrypt-conformant
email client.
If you don't like Autocrypt, that's fine: but in that case, you perhaps
should be using something other than Enigmail. :)
Yes it does. The idea is that this helps exchange the keys such that you can encrypt emails with people even if you didn't know they are using OpenPGP encryption.
I am concerned with applications jumping the gun under my nose, and not being configurable when asked to.
You are right, probably Enigmail is no longer for me. Thanks!
That is actually not correct. You can disable Autocrypt in the account settings if you don't want to use the feature.
I was under the impression that that was not possible? 😕
From what that sounds, that's per account 😕
I have 8 right now - I am not going to that 8 times; and I have anyway removed Enigmail.