Thunderbird OpenPGP Problem
-
- Posts: 212
- Joined: April 25th, 2008, 6:16 pm
Thunderbird OpenPGP Problem
I would suggest there is a flaw in the implementation of TB's OpenPGP support. When signed messages go to a mailing list the resulting distribution of that message cannot be verified because the from email address is changed by the list server. Enigmail did not have this problem. I don't know what the options are to resolve this. Perhaps a whitelist that will verify the signature against the body of the message without regard to the whitelisted from address.
There are 10 kinds of people in the world. Those that understand binary and those that don't.
- tanstaafl
- Moderator
- Posts: 49647
- Joined: July 30th, 2003, 5:06 pm
Re: Thunderbird OpenPGP Problem
I suggest you ask in https://thunderbird.topicbox.com/groups/e2ee . If you get a answer please post a link to it.
I didn't spot anything related in https://wiki.mozilla.org/Thunderbird:Op ... m-Enigmail but perhaps I missed it.
https://security.stackexchange.com/ques ... ling-lists seems to suggest the idea of creating a separate pair of keys for the mailing lists address. Another comment said: "In the mean time you may have to simply perform the encryption outside of Thunderbird. simply append many --recipient values via GPG command line, or whatever front-end you may be using." I don't know if RNP has an equivalent.
I didn't spot anything related in https://wiki.mozilla.org/Thunderbird:Op ... m-Enigmail but perhaps I missed it.
https://security.stackexchange.com/ques ... ling-lists seems to suggest the idea of creating a separate pair of keys for the mailing lists address. Another comment said: "In the mean time you may have to simply perform the encryption outside of Thunderbird. simply append many --recipient values via GPG command line, or whatever front-end you may be using." I don't know if RNP has an equivalent.