[Enigmail] From Circumvention
patrick at enigmail.net
Wed Mar 4 13:18:02 CET 2015
-----BEGIN PGP SIGNED MESSAGE-----
On 03.03.15 15:44, Robert J. Hansen wrote:
> My impressions so far:
> - The Eniglove is thick, palpable, and real. I literally have not
> been able to buy my own beer. If I was so inclined, I could get
> stone drunk every night and *still* wind up turning down half the
> offers of free beer. I also get random bone-crushing hugs from
> attractive women and the occasional activist has taken me apart
> from the crowd to tell me, "Enigmail saved my family's life."
It feels good to read/hear this every now and then ;-)
> - Everyone it seems has a different take on an Enigmail feature
> they'd like to see included. Some of them are just "no, we won't
> do that" (such as pushing for Enigmail to get integrated wholesale
> into Thunderbird), some are really easy, and others are worth
> thinking about.
> Really easy:
> 2. There's a huge outcry for a Farsi translation. The bad news:
> the people who most need it are unable/unwilling to contribute to
> it (they need to keep a low profile). The good news: Localization
> Lab really wants to help us out with this. See
> http://www.localizationlab.org/translation/ for an overview of
> Localization Lab's efforts. I've got a point of contact there, so
> we should probably reach out and see what they can do for us.
We use Babelzilla, but I also accept translations sent directly to me
(e.g. as encrypted mails)
> 3. The trainers say there's a slight visual difference in how
> inline messages are composed versus how PGP/MIME messages are
> composed. Inline messages are briefly flashed in the compose
> window in encrypted form before sending, while PGP/MIME messages
> are not. It would be good if there were only one behavior, because
> it sometimes leads to people believing they sent an email
> unencrypted because when they were in training (using inline PGP)
> they saw it briefly in encrypted form, but in the real world (using
> PGP/MIME) they didn't. I think this is minor, but ... people are
> serious about it. One uniform behavior, please.
I don't agree with "really easy" here. The things is that for
inline-PGP we _paste_ the encrypted mail body into the message
composition window before the Thunderbird message sending process is
triggered. PGP/MIME works entirely differently: Enigmail is triggered
after the message is prepared as MIME document, just before it is sent
(i.e. directly within the process in Thunderbird).
To summarize: this is _very_ difficult to "fix".
> 4. If you've disabled encryption and/or signing for a message
> (when it would normally be present), Enigmail is too polite about
> it. They'd like to see a red banner or somesuch, warning the user
> "You have manually disabled encryption and/or signing for this
> email". The icons, although accurate, are too easy for newcomers
> to overlook.
The quickest fix could be to change the color of the text.
> 5. It should default to encrypting drafts.
This _is_ the default since v1.7
> Worth thinking about:
> 6. Add an "Easy Revocation Reminder" feature. When revoking a
> key, one major problem is convincing one's correspondents to check
> the keyservers. Clicking "Easy Revocation Reminder" (needs a
> better name) would walk through your mail folders accumulating the
> email addresses of everyone who has sent you encrypted email or
> anyone you've sent signed email to. Enigmail would then open a new
> compose window, with all of these email addresses as bcc, with
> pre-composed text about how "I have had a key compromise," blah
> blah blah. Allow the user to edit the text how they like,
> particularly listing a new key to use, and hit "Send" to notify all
We could also implement something like an automatic monthly check of
all keys on keyservers.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
More information about the enigmail-users