Autocrypt headers

stdedos
2021-06-15
2021-06-16
  • stdedos

    stdedos - 2021-06-15

    Hello there,

    I recently found these headers on my e-mail:

    Openpgp: preference=signencrypt
    Autocrypt: addr=...
    

    And I am wondering where they come from.

    I have enabled default=signed for e-mails; however, for that specific e-mail, I explicitly de-selected signature.
    Additionally, I have never enabled Autocrypt.

    Finally, it's weird that there's nothing "Autocrypt" related on the main settings, and they are only on per-account settings.

     
    • Rob

      Rob - 2021-06-15

      Autocrypt is a proposed standard for email cryptography. Software
      conforming to the Autocrypt standard agrees to package emails in a
      specific way, to handle key distribution a specific way, and so on, in
      order to make the experience as painless as possible for the end-user.

      Part of the Autocrypt standard involves putting in the header a line
      about Autocrypt. By putting it in the header, the people with whom you
      correspond never have to care about Autocrypt -- but if they're using an
      Autocrypt-enabled email client, their email client will know, and will
      be able to do the appropriate things.

      Enigmail was one of the first, if not the first, Autocrypt-compliant
      email clients. :)
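For readers who want to check what a sent message advertises, the header described above can be inspected as follows. This is an added example, not part of the original post and not Enigmail code; the attribute rules are a simplified reading of the Autocrypt Level 1 specification, and the sample message, address and key bytes are constructed placeholders.

```python
import base64
import binascii
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: an unsigned mail that still carries both headers.
# The keydata is placeholder bytes, not a real OpenPGP key.
SAMPLE = (
    "From: Alice <alice@example.org>\r\n"
    "To: bob@example.org\r\n"
    "Subject: unsigned mail\r\n"
    "Openpgp: preference=signencrypt\r\n"
    "Autocrypt: addr=alice@example.org; prefer-encrypt=mutual;\r\n"
    " keydata=" + base64.b64encode(b"placeholder-not-a-key").decode() + "\r\n"
    "\r\n"
    "Plain body, no signature.\r\n"
)

def parse_autocrypt(value):
    """Parse one Autocrypt header value; return None if it is invalid."""
    attrs = {}
    for part in value.split(";"):
        name, sep, val = part.strip().partition("=")
        name = name.strip().lower()
        if not sep:
            if name:
                return None              # stray text between semicolons
            continue
        if name in ("addr", "prefer-encrypt", "keydata"):
            attrs[name] = "".join(val.split())   # undo header folding
        elif not name.startswith("_"):
            return None                  # unknown critical attribute
    if "addr" not in attrs or "keydata" not in attrs:
        return None
    try:
        key = base64.b64decode(attrs["keydata"], validate=True)
    except binascii.Error:
        return None
    pref = attrs.get("prefer-encrypt")
    return {"addr": attrs["addr"].lower(),
            "prefer_encrypt": pref if pref == "mutual" else "nopreference",
            "key_bytes": len(key)}

def audit(raw):
    """Report which key-advertising headers a raw message carries."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    valid = [p for p in map(parse_autocrypt, msg.get_all("Autocrypt", [])) if p]
    valid = [p for p in valid if p["addr"] == sender]   # addr must match From
    return {"openpgp_header": msg.get("Openpgp"),
            "autocrypt": valid[0] if len(valid) == 1 else None}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Running `audit()` over a message saved from the Sent folder shows whether the client attached the headers even though signing was switched off for that message.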

       
  • stdedos

    stdedos - 2021-06-15

    Thank you for the tl;dr rundown (it should be in a FAQ, if not already).

    However, my question is "what if I don't want to advertise that?". "... by default?", "... without a global on/off flag?"

     
    • Rob

      Rob - 2021-06-15

      If you don't want to advertise that, don't use Enigmail. The moment
      anyone sees an Enigmail header in your email they're going to know
      you're Autocrypt-capable. Then they're going to start wondering why
      you've taken pains to hide the Autocrypt headers. :)

       
  • stdedos

    stdedos - 2021-06-15

    What if this is an e-mail I didn't sign?

    Does Enigmail have to touch everything, regardless of being asked to stand down? 😕

     
    • Rob

      Rob - 2021-06-15

      > What if this is an e-mail I didn't sign?

      Your correspondents -- at least those using an Autocrypt-capable client
      -- will still benefit from seeing that you're using Autocrypt, and that
      they may use it to communicate back to you.

      > Does Enigmail have to touch everything, regardless of being asked to
      > stand down? 😕

      I don't understand why you're so concerned that an Autocrypt-conformant
      email client is going to behave like, well... an Autocrypt-conformant
      email client.

      If you don't like Autocrypt, that's fine: but in that case, you perhaps
      should be using something other than Enigmail. :)

       
  • Patrick Brunschwig

    Yes it does. The idea is that this helps exchange the keys such that you can encrypt emails with people even if you didn't know they are using OpenPGP encryption.

     
  • stdedos

    stdedos - 2021-06-16

    I am concerned with applications jumping the gun under my nose, and not being configurable when asked to.

    You are right, probably Enigmail is no longer for me. Thanks!

     
    • Patrick Brunschwig

      That is actually not correct. You can disable Autocrypt in the account settings if you don't want to use the feature.

       
  • stdedos

    stdedos - 2021-06-16

    > If you don't want to advertise that, don't use Enigmail.

    I was under the impression that that was not possible? 😕

    From how that sounds, that's per account 😕
    I have 8 right now - I am not going to do that 8 times; and I have anyway removed Enigmail.

     
