[opensuse] Opportunistic encryption in Thunderbird?
Hi, I have a FinEID card with certificate and a corresponding card reader and I can sign and encrypt emails in Thunderbird just fine. What I would like TB to do is automatically also encrypt emails if it knows a certificate for the recipient. In the security settings, there's only "Never" and "Required". "Never" requires me to always select encryption manually and when I set "Required" I can't send an email without encryption. Is there any way to get TB to simply non-interactively use encryption when possible? -S -- (o_ Stefan Gofferje | SCLT, MCP, CCSA //\ Reg'd Linux User #247167 | VCP #2263 V_/_ Heckler & Koch - the original point and click interface
On 2014-06-03 10:42, Stefan Gofferje wrote:
In the security settings, there's only "Never" and "Required". "Never" requires me to always select encryption manually and when I set "Required" I can't send an email without encryption.
Is there any way to get TB to simply non-interactively use encryption when possible?
Maybe it is intentional not to have it. If you have a destination to whom you whom you should normally send encrypted, and set opportunistic encryption, the day that the certificate fails or something, like forgetting to plug your card, that sensitive email will go out in clear, by "accident". -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 06/03/2014 05:02 PM, Carlos E. R. wrote:
Maybe it is intentional not to have it.
Yeah, such stuff *is* always intentional in Mozilla...
If you have a destination to whom you whom you should normally send encrypted, and set opportunistic encryption, the day that the certificate fails or something, like forgetting to plug your card, that sensitive email will go out in clear, by "accident".
In a perfect world in which everybody uses encryption, that might be a problem... BTW - for expired certs, we could open alert dialogs... With the current system, it's much more likely that I forget to click on "encrypt" and myself send the mail out unencrypted by accident because the vast majority of my contacts does NOT use encryption. And for the ones who do, using encryption is fairly important... The thing is, that by far not everybody signs or encrypts email and as long as it is a hassle to users, that won't change. So again, Mozilla actually makes things worse but enforcing some "security policy" which doesn't make sense in the real world... Luckily I meanwhile found an addon "encrypt when possible" which does what I need and can even warn if something is fishy :). -S -- (o_ Stefan Gofferje | SCLT, MCP, CCSA //\ Reg'd Linux User #247167 | VCP #2263 V_/_ Heckler & Koch - the original point and click interface
On 2014-06-03 18:40, Stefan Gofferje wrote:
Luckily I meanwhile found an addon "encrypt when possible" which does what I need and can even warn if something is fishy :).
It would be better a feature to choose enforce encryption for some recipients, or to disable for others. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 2014-06-03 19:00, Carlos E. R. wrote:
On 2014-06-03 18:40, Stefan Gofferje wrote:
Luckily I meanwhile found an addon "encrypt when possible" which does what I need and can even warn if something is fishy :).
It would be better a feature to choose enforce encryption for some recipients, or to disable for others.
With PGP, in Thunderbird, you get "per recipient rules". With pkcs no. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 06/03/2014 08:06 PM, Carlos E. R. wrote:
With PGP, in Thunderbird, you get "per recipient rules". With pkcs no.
Unfortunately, PGP is kinda "geek-stuff" while PKCS tends to be what is used in the government and enterprise environments :). -- (o_ Stefan Gofferje | SCLT, MCP, CCSA //\ Reg'd Linux User #247167 | VCP #2263 V_/_ Heckler & Koch - the original point and click interface
On 06/03/2014 08:00 PM, Carlos E. R. wrote:
On 2014-06-03 18:40, Stefan Gofferje wrote:
Luckily I meanwhile found an addon "encrypt when possible" which does what I need and can even warn if something is fishy :).
It would be better a feature to choose enforce encryption for some recipients, or to disable for others.
Jeps or you can set encrypt by default and if something is wrong (like no rule or so), Enigmail will open a popup and ask "send unencrypted?" Why they don't do this in TB for PKCS...? -S -- (o_ Stefan Gofferje | SCLT, MCP, CCSA //\ Reg'd Linux User #247167 | VCP #2263 V_/_ Heckler & Koch - the original point and click interface
On 2014-06-03 19:28, Stefan Gofferje wrote:
On 06/03/2014 08:00 PM, Carlos E. R. wrote:
On 2014-06-03 18:40, Stefan Gofferje wrote:
Luckily I meanwhile found an addon "encrypt when possible" which does what I need and can even warn if something is fishy :).
It would be better a feature to choose enforce encryption for some recipients, or to disable for others.
Jeps or you can set encrypt by default and if something is wrong (like no rule or so), Enigmail will open a popup and ask "send unencrypted?" Why they don't do this in TB for PKCS...?
Yes, it has more features. Dunno why pkcs doesn't. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
participants (2)
-
Carlos E. R. -
Stefan Gofferje