Re: [Enigmail] [ANN] Enigmail 2.0 Beta 1 Available

2018-02-12 Thread Sebastian 
On 2018-02-12 21:00, Philip Jackson wrote:
> Sorry, I didn't make myself really clear.
> My concern was that I got the impression that the dummy message would
> always be equal to "Encrypted message" rather than to a random but
> sensible short message.

Is there a difference? The body is still easily recognizable as
encrypted. Every entity which could read the "Encrypted Message" subject
can also recognize the body as encrypted.
Futhermore a random (and thus more or less unique) string again leaks
information what you actually want to prevent.

Sebastian

-- 
python programming - mail server - photo - video - https://sebix.at
cryptographic key at https://sebix.at/DC9B463B.asc and on public keyservers




signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] [ANN] Enigmail 2.0 Beta 1 Available

2018-02-12 Thread Philip Jackson 
On 12/02/18 20:38, Sebastian wrote:
> On 2018-02-12 20:03, Philip Jackson wrote:
>> If this is so, it will be very easy for any isp to have their 
>> attention drawn to an encrypted message. Did I misread this info 
>> ?
> Every entity which can read the subject can also read the 
> (encrypted) message body. So if the body is encrypted, the 
> (unencrypted) subject leaks information.
> 
Sorry, I didn't make myself really clear.

My concern was that I got the impression that the dummy message would
always be equal to "Encrypted message" rather than to a random but
sensible short message.

Philip

___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] [ANN] Enigmail 2.0 Beta 1 Available

2018-02-12 Thread Sebastian 
On 2018-02-12 20:03, Philip Jackson wrote:
> If this is so, it will be very easy for any isp to have their attention
> drawn to an encrypted message. Did I misread this info ?
Every entity which can read the subject can also read the (encrypted)
message body. So if the body is encrypted, the (unencrypted) subject
leaks information.

-- 
python programming - mail server - photo - video - https://sebix.at
cryptographic key at https://sebix.at/DC9B463B.asc and on public keyservers




signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] [ANN] Enigmail 2.0 Beta 1 Available

2018-02-12 Thread Philip Jackson 
On 12/02/18 13:14, Patrick Brunschwig wrote:
> * The message subject can now be encrypted and replaced with a dummy
> subject, following the "Memory Hole" standard for protected Email
> Headers [5].

After installing 2.0 Beta1, an info box opened in which I think I read
(because I can't find that info anymore) that the subject would be
encrypted in the message body and replaced by a dummy "Encrypted message".

If this is so, it will be very easy for any isp to have their attention
drawn to an encrypted message. Did I misread this info ?

Philip

___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] [ANN] Enigmail 2.0 Beta 1 Available

2018-02-12 Thread David 
On 2/12/2018 8:11 AM, Patrick Brunschwig wrote:
> On 12.02.18 13:52, David wrote:
>> On 2/12/2018 7:14 AM, Patrick Brunschwig wrote:
>>> I'm pleased to announce the 1st beta version of Enigmail 2.0. This marks
>>> a major milestone in the development of Enigmail. In the two years since
>>> the last major update, we improved and changed quite many things. The
>>> code base grew by more than 18%, and another 6% of the code was modified.
>>
>> 
>>
>> Since this is a major change of Enigmail is it 'safe' to install this
>> over the existing Enigmail 1.9.9 or should it be uninstalled first?
> 
> You don't need to uninstall Enigmail 1.9.9 - Thunderbird will do that
> for you.
> 
> -Patrick


Thank you.

-- 

  David



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] [ANN] Enigmail 2.0 Beta 1 Available

2018-02-12 Thread Patrick Brunschwig 
On 12.02.18 13:52, David wrote:
> On 2/12/2018 7:14 AM, Patrick Brunschwig wrote:
>> I'm pleased to announce the 1st beta version of Enigmail 2.0. This marks
>> a major milestone in the development of Enigmail. In the two years since
>> the last major update, we improved and changed quite many things. The
>> code base grew by more than 18%, and another 6% of the code was modified.
> 
> 
> 
> Since this is a major change of Enigmail is it 'safe' to install this
> over the existing Enigmail 1.9.9 or should it be uninstalled first?

You don't need to uninstall Enigmail 1.9.9 - Thunderbird will do that
for you.

-Patrick



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Re: [Enigmail] [ANN] Enigmail 2.0 Beta 1 Available

2018-02-12 Thread David 
On 2/12/2018 7:14 AM, Patrick Brunschwig wrote:
> I'm pleased to announce the 1st beta version of Enigmail 2.0. This marks
> a major milestone in the development of Enigmail. In the two years since
> the last major update, we improved and changed quite many things. The
> code base grew by more than 18%, and another 6% of the code was modified.



Since this is a major change of Enigmail is it 'safe' to install this
over the existing Enigmail 1.9.9 or should it be uninstalled first?


-- 

  David



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

[Enigmail] [ANN] Enigmail 2.0 Beta 1 Available

2018-02-12 Thread Patrick Brunschwig 
I'm pleased to announce the 1st beta version of Enigmail 2.0. This marks
a major milestone in the development of Enigmail. In the two years since
the last major update, we improved and changed quite many things. The
code base grew by more than 18%, and another 6% of the code was modified.


New Features since v1.9
---
* The Encryption and Signing buttons now work for both OpenPGP and
S/MIME. Enigmail will chose between S/MIME or OpenPGP depending on
whether the keys for all receipients are available for the respective
standard.

* Support for the Autocrypt standard [1], which is now enabled by default.

* Support for Pretty Easy Privacy (pEp) [2] is implemented in Enigmail.
However, we're not yet ready to enable pEp in the current Beta 1
release. We expect that support for pEp will be enabled in Beta 2 that
will follow in ca. 2 weeks.

* Support for Web Key Directory (WKD) [3] is implemented. Enigmail will
try to download unavailable keys during message composition from WKD.
If you use GnuPG 2.2.x, and your provider supports the Web Key Service
protocol [4], you can also use Enigmail to upload your key to WKD.

* The message subject can now be encrypted and replaced with a dummy
subject, following the "Memory Hole" standard for protected Email
Headers [5].

* The keys on the keyring are automatically refreshed from keyservers at
an irregular interval.

* Enigmail was turned into a "restartless" addon. That is, once you
installed Enigmail 2.0 beta1, subsequent updates will be installed
without needing to restart Thunderbird.

* Keys are internally addressed using the fingerprint instead of the key ID.


Fixed defects
-
In addition to the above, we fixed quite some
defects:.


Obtaining Enigmail 2.0 Beta 1
-

Addon package:
https://enigmail.net/download/beta/enigmail-2.0-beta1.xpi

Addon signature:
https://enigmail.net/download/beta/enigmail-2.0-beta1.xpi.asc

Source code:
https://enigmail.net/download/beta/enigmail-2.0-beta1.tar.gz

Source code signature:
https://enigmail.net/download/beta/enigmail-2.0-beta1.tar.gz.asc


What Next?
--
I'm planning to release one or two more beta versions before the final
release. I will shortly update the localization files on Transifex, such
that localizers can start translating.


-Patrick


[1] https://www.autocrypt.org/
[2] https://pep.foundation/
[3] https://wiki.gnupg.org/WKD
[4] https://wiki.gnupg.org/WKS
[5] https://github.com/autocrypt/memoryhole



signature.asc
Description: OpenPGP digital signature
___
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net