Category:Disambiguation - MDC, Category:Web Standards:Tools - MDC, Login required to edit - Edit - MDC, Category:Extensions - MDC, User talk:Sheppy - MDC, Categories - MDC, Talk:Main Page - History - MDC, Related changes - MDC, Related changes - MDC, Login required to edit - Edit - MDC

Talk:Security

From MDC

PROPOSAL FOR ENCRYPTION IN MOZILLA MAIL (or Thunderbird)

The first time I used email in the late 80's, I was uncomfortable with the total lack of privacy. I can't believe this hasn't been solved, yet!

I propose that future releases of Mozilla Mail incorporate default encryption and signing of all email.

I propose that it be a peer-to-peer system using double-key encryption similar to PGP.

I'm proposing a very simple system, essentially:

  1. ) All Mozilla mail clients will include a double-key encryption system
  2. ) Mozilla-originated emails will include a line "public key available"
  3. ) The Mozilla mail client will automatically request the key when it spots #2
  4. ) Future messages between the two will automatically be encrypted

Additional/optional features:

  1. ) Outgoing messages will be signed (useful against spoofing)
  2. ) Address book(s) remains encrypted when not used (ala TrueCrypt)
  3. ) Option to keep individual message encrypted or permanently decoded.
  4. ) Message boxes to remain encrypted when not used
  5. ) Option to use a centralized key server rather than peer-to-peer
  6. ) Mozilla maill client will clearly mark (and stigmatize!) insecure email.

I feel strongly that encryption must be integral to and default for Mozilla rather than an optional plug-in if we are finally going to solve the vulnerability of totally open email.

PS: I'm just a user of Mozilla. Please forgive me if I have trespassed or overstepped. If this isn't the appropriate place, please let me know where I can take it. --Calan 20:22, 5 January 2006 (PST)

Well "Mozilla Mail" will not have any future versions, though "SeaMonkey Mail" will, and so will "Thunderbird". You can use the popular extension "Enigmail" for both to accomplish signing/etc of messages (I do not use it, only due to needing to compile my own Enigmail with my self-compiled SeaMonkey and TB), I know some developers of Thunderbird DO want it to eventually become a part of their distro, which means incorporating it into mozilla directly. So this may happen in the future. This is the wrong place for enhancement requests though, this is a documentation avenue, not a "future" avenue. See [1] and [2] for more appropriate venues (do note, I said "more appropriate" depending on exactly what you are proposing/doing they may not be right either) --Callek 14:05, 5 January 2006 (PST)


Thanks for the feedback. I'll move the discussion as you suggest. I wasn't sure where to start.

I want to keep pushing the idea of making encrypted email the DEFAULT for all users, rather than an option for the paranoid.

I live overseas where Internet usage is routinely monitored, so I am particularly sensitive to this issue. But I think this is a legitimate concern in the USA, considering the recent news of mass snooping. Right now, the use of encryption FLAGS you for scrutiny.

I believe my proposal is simple enough to finally make routine encryption a reality. Simplicity is critical... there are lots crypto tools but all I've seen are too hard.

Basically, in my proposal, email clients automatically share public keys after the first contact. From then on, all emails are encrypted without the users having to do anything. --Calan 20:22, 5 January 2006 (PST)


I've moved the discussion to over here if anyone wants to jump on this bandwagon with me. --Calan 22:51, 11 January 2006 (PST)
Retrieved from "http://developer.mozilla.org/en/docs/Talk:Security"