[Enigmail] From Circumvention

Patrick Brunschwig patrick at enigmail.net
Wed Mar 4 13:18:02 CET 2015

Hash: SHA256

On 03.03.15 15:44, Robert J. Hansen wrote:
> My impressions so far:
> - The Eniglove is thick, palpable, and real.  I literally have not 
> been able to buy my own beer.  If I was so inclined, I could get 
> stone drunk every night and *still* wind up turning down half the 
> offers of free beer.  I also get random bone-crushing hugs from 
> attractive women and the occasional activist has taken me apart 
> from the crowd to tell me, "Enigmail saved my family's life."

It feels good to read/hear this every now and then ;-)

> - Everyone it seems has a different take on an Enigmail feature 
> they'd like to see included.  Some of them are just "no, we won't 
> do that" (such as pushing for Enigmail to get integrated wholesale 
> into Thunderbird), some are really easy, and others are worth 
> thinking about.
> Really easy:
> 2.  There's a huge outcry for a Farsi translation.  The bad news: 
> the people who most need it are unable/unwilling to contribute to
> it (they need to keep a low profile).  The good news: Localization
> Lab really wants to help us out with this. See
> http://www.localizationlab.org/translation/ for an overview of
> Localization Lab's efforts.  I've got a point of contact there, so
> we should probably reach out and see what they can do for us.

We use Babelzilla, but I also accept translations sent directly to me
(e.g. as encrypted mails)

> 3.  The trainers say there's a slight visual difference in how 
> inline messages are composed versus how PGP/MIME messages are 
> composed.  Inline messages are briefly flashed in the compose 
> window in encrypted form before sending, while PGP/MIME messages
> are not.  It would be good if there were only one behavior, because
> it sometimes leads to people believing they sent an email
> unencrypted because when they were in training (using inline PGP)
> they saw it briefly in encrypted form, but in the real world (using
> PGP/MIME) they didn't.  I think this is minor, but ... people are
> serious about it.  One uniform behavior, please.

I don't agree with "really easy" here. The things is that for
inline-PGP we _paste_ the encrypted mail body into the message
composition window before the Thunderbird message sending process is
triggered. PGP/MIME works entirely differently: Enigmail is triggered
after the message is prepared as MIME document, just before it is sent
(i.e. directly within the process in Thunderbird).

To summarize: this is _very_ difficult to "fix".

> 4.  If you've disabled encryption and/or signing for a message
> (when it would normally be present), Enigmail is too polite about
> it. They'd like to see a red banner or somesuch, warning the user 
> "You have manually disabled encryption and/or signing for this 
> email".  The icons, although accurate, are too easy for newcomers 
> to overlook.

The quickest fix could be to change the color of the text.

> 5.  It should default to encrypting drafts.

This _is_ the default since v1.7

> Worth thinking about:
> 6.  Add an "Easy Revocation Reminder" feature.  When revoking a
> key, one major problem is convincing one's correspondents to check 
> the keyservers.  Clicking "Easy Revocation Reminder" (needs a 
> better name) would walk through your mail folders accumulating the
> email addresses of everyone who has sent you encrypted email or
> anyone you've sent signed email to.  Enigmail would then open a new
> compose window, with all of these email addresses as bcc, with
> pre-composed text about how "I have had a key compromise," blah
> blah blah.  Allow the user to edit the text how they like, 
> particularly listing a new key to use, and hit "Send" to notify all
> recipients.

We could also implement something like an automatic monthly check of
all keys on keyservers.

- -Patrick

Version: GnuPG v2


More information about the enigmail-users mailing list