-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 08/17/2013 07:30 PM, Patrick Brunschwig wrote: >> Do you see any glaring problems with that idea? Technically, I >> assume I have to use encryptAttachment from enigmail.js to >> encrypt the attachment before attaching it. > > This would certainly work, but I'd say it would be a lot easier to > use PGP/MIME. The reason I am not using that is that I know that the "normal" (inline PGP) method is always possible, just like attaching encrypted files or detached signatures is always possible and works. PGP/MIME may look better, but it may result in weird behaviour with some clients, or so I've heard. So, I'm staying on the safe side and use the regular method.
> What's the purpose of encrypting a *public* key? Alternatively you > just upload the key to a keyserver. The only reason for encryption > I can imagine is avoid that someone else could delete your > signature from the key and add his own signature. But for adding a > signature you can again just use a keyserver. I never quite > understood why caff encrypts messages containing just a public > key. The reason you encrypt a public key is another added measure of certainty that you are talking to the right person: The person needs access to the eMail account AND be able to produce the secret key to decrypt the public key with the signatures. Plus, I guess you could make a case for "data hygiene" (not sending anything unencrypted that does not have to be sent that way) and public key privacy (in the sense that some people don't upload their key to a keyserver, and don't want their pubkeys read, as the signatures tell others who they are interacting with). And yes, I realize that "public key privacy" is probably a strange way to put that. So, which method would you prefer to see implemented? If X-Enigmail-Draft-Status can be used to make the client encrypt the mail (I assume by setting it to "nsIEnigmail.SEND_ENCRYPTED"?), the whole Inline vs PGP/MIME-Debate can be avoided by just using the users preferences, so it's probably best to use that. Max -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQJ8BAEBCgBmBQJSD7iwXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4NEM0ODA5N0EzQUY3RDU1MTg5QTc3QUMx NjlGOTYyNDM0MDg4MjVFAAoJEBafliQ0CIJe4oMQAKPPzZVFPKc3RPG9NmPgSzG4 ns7R2jItSOhvr9kWw2ORQq9o1/BBxOFW5IUgQTv4SEoYgzsDqkskmv134m+enWt9 fo6FEL14apXoIce/0jZA4mMp46nKf0CoTNBdFEKZgMnfwHxJF+N+tnLQNq7nolZP 75p1nAc0gROpHSBruKoPAyDmy3AByXssRzsVlojVF1cSmsSyEPtQfBi6jZvwFajs 2TUpjLTxsaT64Zyu5MJMg54He7EjGCxiCqRYOqAInl6Bg1WLBKHV6yMQy08tugdY E84/MaLMb99FrULYM7SWc/FeYBaZHOpmHgcepjNKmj+ZMH4/m33FLYyI/aSSyvdT JArqZkLWh0og9wojpBWkL7TR9c3h0S7rtiueYCHQ9va77ISxlozs4P8Fhee7+Qts Dpb9oPLwV2Ss/FZGixaMpyqkhRsObXMz7Kw61kC1XR54VWOJ9QObCp7RrC/ADngf glRkfiyYHHOzET12Cho4BRKJXSyIYTKH8+nyE2bdmCEU8nSxmil4Y4TfvFvvCEPz yhe3LRBF0f4Aw/xH7KRu9t3fFZiDn17BIWhHBXEdBOltjBcSKk6PANRGyug2UBaJ m0Tp/rCYkd8jjcPSh2ji4UbWu7sX3/G9+TZGeC7gzAwFuBaysWdJ9q7c4dufQykq fabONcxCwRzC7XlZcQbI =Mntw -----END PGP SIGNATURE----- _______________________________________________ enigmail-users mailing list [email protected] https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
