Mozilla Connect

TL;DR:

I'd love to see the (opt-in) option to store your encrypted Thunderbird profile data (or parts of it, i.e. your PGP private key) in a hidden IMAP folder.

L;R:

Recently, I have been looking for a way to get PGP to work in a user friendly way, preferably without the need of additional software. While doing so I came across this proposal for a standard.

From what I understand, Thunderbird stores the imported PGP key in the user profile and encrypts it with a random generated password. This password would then be protected with the profile's master key.

In order to ensure that the key is available to the user, no matter which device they are on and thereby dramatically simplifying key management and making PGP a lot more accessible to most people, I suggest adding an opt-in feature to store the encrypted PGP private key in a hidden IMAP folder online. This feature could be expanded to include additional account specific settings or profile settings to simplify the setup process of other devices.

I once again want to emphasize that this feature must be opt-in but I suppose it would be reasonable to make the user aware of its existence during the setup process of E2EE.

I also expect PGP puritsts to want to behead me for suggesting storing the private key online, however PGP in its current state is not accessible to a normal user. This feature could fix this. Furthermore, by associating PGP keys with IMAP accounts instead of users, shared email accounts would also be able to use PGP without the need for awkwardly sharing around the private key.

I'll leave implementation details for ensuring a strong password is used for encrypting the private key to people that are smarter than me.