> Yes, I agree that is bad policy, however, TorBirdy is not Enigmail and > neither require each other to work properly. I, for one, do not use PGP for > every outgoing email, although I would still prefer to use Tor for my > Thunderbird traffic. I would suggest the proper remedy for this completely > legitimate issue would be to file a bug ticket with Enigmail. I agree that Enigmail is the correct place to enact this, but a search on the subject brings up this forum post: http://www.mozilla-enigmail.org/forum/viewtopic.php?f=3&t=328 in which the Enigmail developers do not seem very responsive to the concerns of sensitive information in the subject header. The stated opinion of several of the developers is that they wish to wait until a specification for encrypted headers is published by a standards body before they will do anything. Granted this is in the context of asking for it to be encrypted instead of blocking it or warning the user, but something along those lines was suggested and ignored. The final suggestion was "There is a simple solution for this problem: don't write anything sensitive in the Subject." rather than an acknowledgement that this is a possible source of significant user error. Of course the forum thread is in the context of some random users bringing it up, but if it was in the context of something like TorBirdy and possibly the Tor Browser Bundle things may be different: "We are considering bundling your software in a major software package but we have a couple of concerns. Could you work with us on them?" P.S. Another thread here: http://www.enigmail.net/forum/viewtopic.php?f=9&t=723 -- Shew
Attachment:
pgpqj5jggUDyO.pgp
Description: PGP signature
_______________________________________________ tor-talk mailing list tor-talk@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk