melolontha-melo
Strollin' around
Status: New idea

I want to propose an improvement to the OpenPGP encryption part of Thunderbird:

It is common, and even recommended, to attach your own OpenPGP key to every outgoing mail and sign it. (If you sign it, attaching the public key is the default anyway.) This way you distribute your public OpenPGP key to exactly those recipients you deal with. Then you can do without key servers, which also have undesirable side effects.

If the recipient has already imported a public key of a sender into Thunderbird, after the signature check of the received message (if it is a signed one), it would make sense to additionally check whether the supplied key for that email address is already known in the key management and possibly matches another known key for the sender’s email address.

If there is another public key in TB for the sender email address and the supplied key has the same age and is identical, it should be shown when looking at the OpenPGP properties of this mail: "attached key matches already known key for that sender".

If there is another public key in TB for the sender email address and the supplied key is newer, a note like this should be shown close to the lock and seal symbol:

"Attached key is newer than previous public key for that sender. Check the new key's fingerprint, which is

xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx

by means independent from email, e.g. by phone. Then import the new key and mark its credibility in TB's key ring if the fingerprint is correct."

If a supplied key is old or even older than the latest one stored for the sender's address or if it differs from the public key stored at the same age, this should be classified as a suspicious case and the user should be warned accordingly.

I have already asked whether this is possible at https://www.thunderbird-mail.de/forum/thread/89444-kann-thunderbird-automatisch-angeh%C3%A4ngte-%C3%.... The answer was “this is not possible in the current version” and they don’t know about a plugin with this capability.

So I suggest this as an enhancement to Thunderbird.
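
The comparison rules proposed above, written out as an added example that is not part of the original post and is not Thunderbird code. The key record shape (`email`, `fingerprint`, `created`), the function names, the `no-stored-key` verdict and the order of the checks are assumptions made for illustration.

```javascript
// Hypothetical key record: { email, fingerprint (40 hex digits), created (Unix seconds) }.
// This does not use Thunderbird's internal OpenPGP API.

function normalizeFingerprint(fpr) {
  const hex = String(fpr).replace(/\s+/g, "").toUpperCase();
  if (!/^[0-9A-F]{40}$/.test(hex)) {
    throw new Error("expected a 40-hex-digit fingerprint");
  }
  return hex;
}

// Render as ten groups of four, the layout used in the proposed notice.
function formatFingerprint(fpr) {
  return normalizeFingerprint(fpr).match(/.{4}/g).join(" ");
}

function classifyAttachedKey(attached, keyring) {
  const email = attached.email.trim().toLowerCase();
  const fpr = normalizeFingerprint(attached.fingerprint);
  const known = keyring.filter((k) => k.email.trim().toLowerCase() === email);

  if (known.length === 0) {
    // Outside the proposal, which only covers senders with a stored key.
    return { verdict: "no-stored-key" };
  }
  // Assumption: an identical stored key of the same age is checked first.
  const same = known.find((k) => normalizeFingerprint(k.fingerprint) === fpr);
  if (same && same.created === attached.created) {
    return { verdict: "match" };
  }
  const latest = Math.max(...known.map((k) => k.created));
  if (!same && attached.created > latest) {
    // Newer key: surface the fingerprint for out-of-band verification.
    return { verdict: "newer", fingerprint: formatFingerprint(fpr) };
  }
  // Not newer than the latest stored key, or a different key of the same age.
  return { verdict: "suspicious" };
}

// Constructed sample keyring (placeholder fingerprint and address).
const KEYRING = [
  { email: "alice@example.org", fingerprint: "A".repeat(40), created: 1600000000 },
];
```

A key's creation time is set by whoever generated the key, so the `newer` verdict only triggers the fingerprint check by independent means; it is not evidence that the key belongs to the sender.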

1 Comment
Status changed to: New idea
Jon
Community Manager

Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.