i also "vote" for this, very important, feature.
at the moment i use gpgrelay (http://gpgrelay.sourceforge.net/) for this feature, which makes enigmail obsolete.
but enigmail would be the preferred choice for me, because it is still developed and it's much better integrated in thunderbird.
what about the comment from mortoray, is there no way to solve this issue from the addon layer?
the mentioned addon for attachment deletion should have the same level of mail manipulation as the requested feature.
shane wrote: Decrypting something permanently is potentially bad security practice. For you or I it's fine, because we know that the messages can now be compromised locally, but for novice users there could be a grey area. They might not understand that permanent decryption really means the message is exposed.
i think that's not the point. security must be easy to handle; if it is not easy and has no good interface, it's simply not used by regular users. i fiddled around with gpgrelay and it works, but it doesn't get me any further if i am the only person who uses encryption. why? because it's too difficult. so encryption should be very easy to handle.
so why the local decryption is necessary:
people won't use security measures if they can't search their mail, can't easily access it, or can't access the email after a system crash where they have backed up the mails but not the gpg keys (that's not unrealistic, often they ask me for their passwords because they only saved them in the mail program).
we all know the most secure computer is one which is not on the internet and has no floppy, no dvdrom, no usb slots and no monitor. but we need to work on pc's so they have to be on the net. so we have to make a good compromise between security and usability.
i think security is important, but sometimes you have to compromise.
what is better, if we say no, all email programs cannot save the pop/smtp password, which simply leads to more stupid passwords or even no passwords, or if we allow saving passwords but have at least no mail server without password on the internet?
it's the same for locally decrypted emails. i think it is better to allow every user to save unencrypted mails on their computer (where all important excel/word files get stored unencrypted anyway (no, regular users are not used to truecrypt)) but at least have it secured over the very insecure internet-transport way.
what is better, everybody sending around postcards with sensitive information on them, or sending sealed letters which lie around open in the office after being unsealed? also i don't store my letters in a safe, i just put them in a folder. i trust my colleagues in the office, but i don't trust people sniffing my plain packets traveling over the internet.
also it would be good to allow storing the passphrases of keys in thunderbird. i think a key with a passphrase is better than a key with no passphrase (pp). if i have no pp someone only needs the keyfile, with a passphrase he also needs the correct thunderbird file where the pp is getting stored and he needs to crack the simple encryption the pp is protected with. of course it is more secure if you use a long pp and always enter it by hand, but the middle way is to add a pp manager to enigmail/thunderbird. i installed enigmail for a customer with a key with pp and added the "--passphrase mysecretpassword" (not sure if i remember the name correctly) parameter to the default parameters. which is rather inflexible, you can only have one key with pp in use.
blah wrote: When someone gets into encrypting messages he/she will need to have at least some basic knowledge what's going on. Pointing out this situation in a user manual and deactivating this feature in the default installation should be enough IMO.
i totally agree with you.
blah wrote: I'd like to have that feature, too. Messages and other content can also get encrypted on the hard drive, so for me there is no use in encrypting it twice. Also, it's easier to handle my e-mails if they are stored unencrypted in my folders.
The lack of this feature is a reason why I can't use Enigmail at the moment.
same for me
Adam wrote: I'm not entirely sure if this is a good idea based on the aim of encryption. This would be especially problematic in a corporate based environment where computers were shared and previously encrypted email would be available for virtually anyone to read.
how many emails are getting encrypted? 5%? 1%? 0,1%? i don't know, but as i mentioned above, it's better to have not encrypted emails on a workstation (which often is behind a company firewall), than plain email communication over the internet. so adding this feature would be a step in the right direction.
also you have to see, that many people put their very very strong password ("qwerty") on a post-it on the monitor. that's reality.
it makes no sense to be on the binary trip (black/white) full encryption/no encryption. let's take the gray way.
so don't work against encryption, work for it. if you work for it, it is important that it is handy to use.
rjh wrote: What people are asking for here is "blow away the old copy of my email on the IMAP server and replace it with a new email containing the decrypted information of the old email." This involves a lot of email access issues: access, deleting, uploading, etc. This is stuff Thunderbird does, and stuff Enigmail very explicitly does not do.
POP access is little different. "Blow away the old copy of my email in the mbox file and replace it with a new email containing the decrypted information of the old email." The same issues arise.
about imap i can't really say anything, i have not used it. so my statements refer only to pop. also i don't know how thunderbird and the plugin work in detail, so don't be too strict with me.
nothing should be done with the message on the mailserver, the messages on the mailserver should always stay encrypted. only the local messages should be permanently decrypted. so it should work like a local filter/parser.
server > download > decrypt > inbox
server > download > inbox > click > decrypt
reupload is not necessary and would be really insecure, because the plain message is getting uploaded over the internet
While I agree that it would be nice if Enigmail did this, supporting this would likely introduce vast amounts of complexity to the Enigmail code. However, if Thunderbird could export an API we could use which would allow us to easily manipulate mail data, then we could support it pretty easily.
I guess the ultimate answer is "if you want this feature, you need to ask Thunderbird, not us." Sorry.
it would be great if you can take this into your hands, whether you implement it directly in enigmail or directly contact the thunderbird coding team.
i think your chances are much higher than if i try to contact the coding team. if you and your coding team contact them, they may listen to you. simply because you are not nobody.
from my point of view i think you both, the enigmail and the thunderbird team, have a very important duty: protect the normal user from "data-profiling". for me, i don't have secret stuff in my email, but i would instantly use encryption if the people whom i write emails to / get emails from would use it.
why? that's easy, i really don't like getting "profiled". so if my provider wants to parse and profile my email, i just can say "parse this - protected by gpg".
hope you and your team will think about it. save the world!