Re: Future OpenPGP Support in Thunderbird

2019-10-09 Thread Dmitry Alexandrov via Gnupg-users 
Patrick Brunschwig  wrote:
> The Thunderbird developers have announced that they will implement OpenPGP 
> support in Thunderbird 78 [1].

A long awaited news indeed!

> Support for Thunderbird in Enigmail will therefore be discontinued.

Pity, but I hope it will be better that way.  In particular I hope, that 
Mozilla will not follow your example and won’t entice users to proprietary 
isolated keyserver [0] instead of distributed SKS network thus splitting the 
keybase.  And won’t promote standards [1] that suspiciously resemble 
embrace-extend-and-extinguish tactics employed against PGP either.

[0] https://keys.openpgp.org
[1] https://pep.security


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: [Enigmail] Future OpenPGP Support in Thunderbird

2019-10-09 Thread Dmitry Alexandrov via Gnupg-users 
"Hernâni Marques (p≡p foundation)"  wrote:
> On 08.10.19 18:37, Dmitry Alexandrov wrote:
>
>> Pity, but I hope it will be better that way.  In particular I hope, that 
>> Mozilla will not follow your example and won’t entice users to proprietary 
>> isolated keyserver [0] instead of distributed SKS network thus splitting the 
>> keybase.  And won’t promote standards [1] that suspiciously resemble 
>> embrace-extend-and-extinguish tactics employed against PGP either.
>> 
>> [0] https://keys.openpgp.org 
>> [1] https://pep.security
>
> pEp is not against PGP it's just PGP-supporting as much as it makes sense for 
> interop reasons

Well, I’m glad to hear that, but it’s really a pity, that supporting Autocrypt 
does not make sense for you.

> and goes beyond email already today; and it's designed from the very 
> beginning on to support other crypto[formats] as well (agnosticism on 
> messaging & crypto[format])

A double pity in light of your decision to not only support but actually 
_prefer_ other cryptoformats over PGP whenever possible for the sake of 
‘forward secrecy’ [1] — that’s when Autocrypt is exactly the extension to PGP 
that can provide forward secrecy, if needed.

[1]
| How does p≡p select the most secure way of sending an email or a message?
|
| When a p≡p user is communicating with another p≡p user:
|
| 1. if online communication available: OTR through GNUnet.
|
| 2. if online communication not available:
|
| a. if anonymizing platform available, OpenPGP through anonymizing platform 
(i.e. Qabel),
|
| b. if anonymizing platform not available, fallback to OpenPGP.
|
| When a p≡p user is communicating with a non-p≡p user then depending on the 
capabilities of the non-p≡p user:
|
| 1. if anonymizing and forward secrecy is possible, use that (i.e. OTR over 
GNUnet).
|
| 2. if anonymizing but no forward secrecy is possible, use that (i.e. OpenPGP 
over Qabel).
|
| 3. if forward secrecy is possible, use that (i.e. OTR).
|
| 4. if hard cryptography but no forward secrecy is possible, use that (i.e. 
OpenPGP)
|
| 5. if only weak cryptography is possible, use that (i.e. S/MIME with 
commercial CAs)
|
| 6. send unencrypted.
— https://www.pep.security/en/faq/


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users