Comments on: Thunderbird and Encrypting E-mail

By: Bill

Bill — Mon, 13 Aug 2007 21:14:46 +0000

FWIW, Bob and I did a podcast episode about “how to setup secure email in Thunderbird” using digital certificates, posted at http://www.securityhype.com/blog/archives/24

-bill

By: YAplanetReader

YAplanetReader — Mon, 13 Aug 2007 05:39:13 +0000

Excellent summary, concise and comprehensive. Bookmarked for when someone asks me what the gibberish in my signed emails is all about.

By: abillings

abillings — Mon, 13 Aug 2007 04:48:51 +0000

I don’t think that I’d call PGP/GPG a “toy” but ok.

Can you write up a post telling the average Thunderbird user how to use S/MIME and X.509 certificate management then? If there is a better way to do things, I’m all ears.

The things about using GPG and Enigmail is that it is easy and doesn’t need a supporting hierarchy. I have public keys from most of my friends and they have mine. It’s rather simple of us to sign or encrypt our mail to each other.

I know nothing about X.509 but I’d be happy to hear more if you have a blog or want to post about it here.

By: rod

rod — Mon, 13 Aug 2007 04:44:55 +0000

“The Enigmail extension was developed as an add-on for Thunderbird that would allow seamless integration of cryptography functionality into Thunderbird.”

Um, you do realize that Thunderbird has had support for “cryptography functionality” in the form of X.509 certificate management and S/MIME encrypted email built in (no extensions necessary) since the Netscape Mail (4.x) days?

PGP/GPG is a toy. There is no trust anchor for hierarchical verification of identity. Enterprises and governments won’t touch anything less than X.509+S/MIME for secure email.