Automatically enable or disable encryption via OpenPGP or S/MIME: Thunderbird now has a function that has been requested for 21 years. Until now, users had to configure in the settings whether the client would encrypt e-mails by default or not – and were still asked about it all the time.
Disturbing, no matter how configured
What exactly is the stumbling block? Anyone who previously used OpenPGP or S/MIME by default, but could only send an individual email without encryption, had to confirm this for each message. On the other hand, if the encryption was deactivated in the configuration, you had to switch it on manually if necessary – comfort is different. Thunderbird can now automatically choose to use OpenPGP or S/MIME for certain recipients.
The feature initially sounds obscure or simple to implement, but accumulated in the associated Bug 135636 the discussions – and they highlight the nuances of email security. Ultimately, the developers decided on a clear path: the new automatic encryption is explicitly not an opportunistic encryption that simply blindly nods to all keys of unknown users and then gives the user a false sense of security. Rather, it requires that the encryption is already correctly configured with the correspondent – and only the client can activate it automatically. However, if this previously given trust in the recipient is missing, encryption is still possible. Thunderbird then asks whether the user actually wants it, even if the encryption is set to be automatic.
Likewise, users can opt out of encryption by default. In this case, Thunderbird now shows a button for quick activation. The client also warns if encryption has been switched on but is not possible – for example because the recipient’s key is missing. However, the client does not deactivate them automatically. It is up to the user to decide whether they want to switch it off or, for example, remove the affected user. In general, Thunderbird never disables encryption if it has been manually enabled.
Behavior as in email threads
In terms of comfort, the new behavior corresponds to the previous responses to an encrypted e-mail: In such a conversation, the e-mail client no longer asks for a decision from the user. The same behavior can now be set for new messages by default for correctly configured contacts.
So an obscure update for the encrypted email niche? If you look at the size of the addressed user group: Yes. But the persistence of the discussions over the past 21 years shows the extent to which such obtrusive queries can affect the everyday life of users. And for those who have opted for encryption with OpenPGP or S/MIME, the new function means working in Thunderbird with significantly less interruption. Furthermore, the developers have managed not to undermine the trust principles of the encryption technology.
(fo)
