[Enigmail] From Circumvention

Patrick Brunschwig patrick at enigmail.net
Wed Mar 4 13:18:02 CET 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 03.03.15 15:44, Robert J. Hansen wrote:
[...]
> My impressions so far:
> 
> - The Eniglove is thick, palpable, and real.  I literally have not 
> been able to buy my own beer.  If I was so inclined, I could get 
> stone drunk every night and *still* wind up turning down half the 
> offers of free beer.  I also get random bone-crushing hugs from 
> attractive women and the occasional activist has taken me apart 
> from the crowd to tell me, "Enigmail saved my family's life."

It feels good to read/hear this every now and then ;-)

> - Everyone it seems has a different take on an Enigmail feature 
> they'd like to see included.  Some of them are just "no, we won't 
> do that" (such as pushing for Enigmail to get integrated wholesale 
> into Thunderbird), some are really easy, and others are worth 
> thinking about.
> 
> Really easy:
[...]
> 
> 2.  There's a huge outcry for a Farsi translation.  The bad news: 
> the people who most need it are unable/unwilling to contribute to
> it (they need to keep a low profile).  The good news: Localization
> Lab really wants to help us out with this. See
> http://www.localizationlab.org/translation/ for an overview of
> Localization Lab's efforts.  I've got a point of contact there, so
> we should probably reach out and see what they can do for us.

We use Babelzilla, but I also accept translations sent directly to me
(e.g. as encrypted mails)

> 3.  The trainers say there's a slight visual difference in how 
> inline messages are composed versus how PGP/MIME messages are 
> composed.  Inline messages are briefly flashed in the compose 
> window in encrypted form before sending, while PGP/MIME messages
> are not.  It would be good if there were only one behavior, because
> it sometimes leads to people believing they sent an email
> unencrypted because when they were in training (using inline PGP)
> they saw it briefly in encrypted form, but in the real world (using
> PGP/MIME) they didn't.  I think this is minor, but ... people are
> serious about it.  One uniform behavior, please.

I don't agree with "really easy" here. The things is that for
inline-PGP we _paste_ the encrypted mail body into the message
composition window before the Thunderbird message sending process is
triggered. PGP/MIME works entirely differently: Enigmail is triggered
after the message is prepared as MIME document, just before it is sent
(i.e. directly within the process in Thunderbird).

To summarize: this is _very_ difficult to "fix".


> 4.  If you've disabled encryption and/or signing for a message
> (when it would normally be present), Enigmail is too polite about
> it. They'd like to see a red banner or somesuch, warning the user 
> "You have manually disabled encryption and/or signing for this 
> email".  The icons, although accurate, are too easy for newcomers 
> to overlook.

The quickest fix could be to change the color of the text.

> 5.  It should default to encrypting drafts.

This _is_ the default since v1.7

> Worth thinking about:
> 
> 6.  Add an "Easy Revocation Reminder" feature.  When revoking a
> key, one major problem is convincing one's correspondents to check 
> the keyservers.  Clicking "Easy Revocation Reminder" (needs a 
> better name) would walk through your mail folders accumulating the
> email addresses of everyone who has sent you encrypted email or
> anyone you've sent signed email to.  Enigmail would then open a new
> compose window, with all of these email addresses as bcc, with
> pre-composed text about how "I have had a key compromise," blah
> blah blah.  Allow the user to edit the text how they like, 
> particularly listing a new key to use, and hit "Send" to notify all
> recipients.

We could also implement something like an automatic monthly check of
all keys on keyservers.

- -Patrick

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJU9vf5AAoJENsRh7ndX2k7isUQAKB80HLoJfXxVLkTc4zK06Pp
gMWbiLikJ0cczWg+D1t4sQFwMyaobEvkJLph4aVe8rdI9fht8s6YjO2okqxhDJCs
+S3MASyN5YBoJubl61X1DM8kFh0Ot51wbojlpuGGhFfYgvlTpQ5zmP4X7zMMVUq5
KRqMicWp8fpRrvgWhO3zpvKkSUo0bgy6OrUON4HIBe4qujaTSbUC7fkTX+tZmwTR
rWUf7gl7Z/gKGurmjBFHR63JSzQNqOb34xUTfKv4B1GcHrUJHpazHNJaKnhtFQ1u
ckIRZ13hSi+vl1Rq/SfwfeqAFzWfSEE1k4nF89vcbDgI/9zD0qYtMUS9eyqeBx7A
VmWWxV9AKPP7iFJxH99BUSpJkiiC4men182dDHMKXtrADom+UuuyfplnhamagznT
wbRiKdCzKAiT45UU/HvKBcbPrWVOoA67eQupUgGKiOcng8daB4nHNbf4AmhDMdyp
kpUnly7zgbvy9kIpf1h5CjArwj4HL1IculW8ESz4+vZSxpYQGQxJlCrx+ObcQx3n
X3W0FlCktEa5YVTqTD5WXIt+C2zh+H12WT3LS2/Ns95mJcBvOocgQfKUCLEVdl5v
MPX1YSCXAn/5NFkkxE7VvvO4kPyyAsO9i4MVX9vNmN1eAJraXycINeFii+fGOQjD
AQZRoz2vviqLq5orA06s
=3nxe
-----END PGP SIGNATURE-----



More information about the enigmail-users mailing list