From dlverlee at mtu.edu Thu Oct 2 22:46:18 2008 From: dlverlee at mtu.edu (Derek L. VerLee) Date: Fri, 03 Oct 2008 01:46:18 -0400 Subject: [Enigmail] Sender under duress In-Reply-To: <48D67043.8040005@sixdemonbag.org> References: <44461.68.12.164.12.1221950795.squirrel@qmail.onlineok.com> <48D67043.8040005@sixdemonbag.org> Message-ID: <1223012778.14970.42.camel@java.csl.mtu.edu> On Sun, 2008-09-21 at 11:03 -0500, Robert J. Hansen wrote: > enigmail at devek.us wrote: > > Is there some way that a person signing a message with enigmail can > > indicate that they are under duress so that only the recipient will know? > > It generally requires having a pre-arranged signal. For instance, using > the word "wacky" might be the "I'm under duress" signal -- the word > needs to be common enough that the person applying pressure won't think > it's strange, but sufficiently uncommon that it's not something you'd > normally use in everyday communications. > > _______________________________________________ > Enigmail mailing list > Enigmail at mozdev.org > https://www.mozdev.org/mailman/listinfo/enigmail This is an interesting question that reminds me of several situations in fiction I have read and no doubt comes up in real live. The pre-arranged signal is an optimal solution. A more interesting question is, can this be done without any prearranged signal? I think so, but there introduces some risk of misinterpretation. It requires that both the sender and the receiver share knowledge that the adversary does not have. An example would be referring to a fact (such as a previous event between the senders) that did not take place, and about which neither of you is likely to be mistaken, but which the adversary can not know did not take place. The adversary will not be suspicious if the reference is mundane and plausible. It would help if the receiver of the message, however, is privy to the possibility of the sender's duress, thus having received the message, would think the error is some sort of hidden meaning, instead of the worst case scenario, sending a message back with a correction or request for clarification, which would notify the adversary of the attempt to send the message. It might be more difficult still if the content of the message were to be prescribed. For example, the message is given to the sender by the adversary and they are told to sign it. In this case it would be impossible I think, if the adversary verifies the signature is correct before sending the message. _derek From rjh at sixdemonbag.org Thu Oct 2 23:37:52 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Fri, 03 Oct 2008 02:37:52 -0400 Subject: [Enigmail] Sender under duress In-Reply-To: <1223012778.14970.42.camel@java.csl.mtu.edu> References: <44461.68.12.164.12.1221950795.squirrel@qmail.onlineok.com> <48D67043.8040005@sixdemonbag.org> <1223012778.14970.42.camel@java.csl.mtu.edu> Message-ID: <48E5BDC0.5090403@sixdemonbag.org> Derek L. VerLee wrote: > A more interesting question is, can this be done without any > prearranged signal? This is not an interesting question. For any message you receive, flip a coin. If it's "heads", then you assume it's coerced. Over the long run, sooner or later this (absurd!) coercion detection device will correctly flag a coerced statement, indicating that it's possible. The question should be "can it be done _reliably_," and the answer is "unfortunately, no." See below. > An example would be referring to a fact (such as a previous event > between the senders) that did not take place, and about which neither > of you is likely to be mistaken, but which the adversary can not know > did not take place. Militaries know from long, bitter experience that people overwhelmingly _do not think_ in a crisis situation. It's almost as if people are allergic to thinking. They tend to run on autopilot. This is why military basic training drills things into you again and again and again. When you hear a gunshot, you dive for cover. You don't ask questions, you don't worry about whether you're in dress blues or tennis shoes, you don't worry about whether you're tackling concrete or mud. Gunshot? DIVE. Uniform, ours? HOLD FIRE. Not ours? SHOOT. When the bullets start flying, soldiers spend a lot of time "on autopilot," just going through these drills they've done thousands of times before. The moral of the story: when someone has a gun to your head and is telling you to have Alice meet you down at the pier in an hour, you will react as you have trained to react. If you've trained for this situation, you will probably have codewords prearranged with Alice. If you haven't, you will probably do whatever the man with the gun says. Also, even assuming that you're able to keep your head when someone has a gun to it -- do you really want to gamble your life on you correctly guessing what parts of your life the gunman does or doesn't know about? If someone's got a gun to your head, it's a fair bet they're doing it for a reason. They want to succeed. They're going to be motivated. They will probably have done a surprising amount of homework. This is a bet not worth taking. (Incidentally, there is a fair bit of just plain good life lessons in there. If there's anything that worries you enough to keep you up at night for fifteen minutes, spend an hour training for what to do if it happens. If your wife is pregnant and you're worried about what to do if she goes into labor far from the hospital, take an EMT course. If you live in a bad neighborhood and you're afraid of home invasions, practice loading your weapon in the dark and spend some time at a shooting range. If you've got a date coming up and you're concerned it's not going to go well, spend some time perfecting your cooking skills -- good cooks are always in demand. Etcetera. Worry is a wasted emotion. Training is never wasted.) From eitanadlerlist at gmail.com Fri Oct 3 14:52:28 2008 From: eitanadlerlist at gmail.com (Eitan Adler) Date: Fri, 03 Oct 2008 17:52:28 -0400 Subject: [Enigmail] Enigmail stopped working - not on update Message-ID: After restarting my computer enigmail no longer works. I get an error message "enigmime service unavailable". I tried setting the location of gpg to /usr/local/bin/. I also tried installing the extension. I did not update Thunderbird. I am running version 2.0.17 From olav at mozilla-enigmail.org Fri Oct 3 15:19:00 2008 From: olav at mozilla-enigmail.org (Olav Seyfarth) Date: Sat, 04 Oct 2008 00:19:00 +0200 Subject: [Enigmail] Enigmail stopped working - not on update In-Reply-To: References: Message-ID: <48E69A54.50803@mozilla-enigmail.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Eitan, > After restarting my computer enigmail no longer works. > I did not update Thunderbird. I am running version 2.0.17 > I get an error message "enigmime service unavailable". this error typically shows up when you installed an enigmail package that doesn't match your Mozilla / Thunderbird. It needs to match your OS - and the compiler TB was built with. You composed your question using Thunderbird on FreeBSD i386. Is this where you encountered your problem? If so, please consider compiling (and contributing) a *recent* Enigmail package. > I tried setting the location of gpg to /usr/local/bin/. This has nothing to do with the above error. > I also tried installing the extension. *un*installing? Should be possible through Extras -> Addons, -> Uninstall. Olav -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Diese ist eine Digitale Signatur nach OpenPGP-Standard Comment: Weitere Informationen: http://privat.seyfarth.de/olav/schluessel.html iEYEAREIAAYFAkjmmlIACgkQL/NBt8fdKe3C/ACfXiMDR+xErJar8KaQPcbAJ9iu UigAnjJ+d5nfBFakrO9P18IzhSNDjZYd =zIuC -----END PGP SIGNATURE----- From enigmail at jean-marc.meessen-web.org Sat Oct 4 08:18:00 2008 From: enigmail at jean-marc.meessen-web.org (enigmail at jean-marc.meessen-web.org) Date: Sat, 04 Oct 2008 15:18:00 +0000 Subject: [Enigmail] Enigmail not detecting/enabling GPG anymore Message-ID: <453b5fe1a35ec941240cb4fc9925e424@mbox.freehostia.com> Hello, I had Thunderbird and Enigmail happily working together for several months. As it is installed on a eeePC 701 (Xandros), I moved the mail folder to a Truecrypt Folder. This configuration worked well until... Due to an improper shutdown the Truecrypt disk got corrupted (filenames unreadable, etc.). Thunderbird was running when the TC disk was inproperly dismounted. I saved as many files that I could and managed to have a working Thunderbird configuration back on the rails. But Enigmails doesn't work anymore: GPG is not detected anymore (setting window) and (from the TB error console) it fails to initialize GPG (normal as it can't find it). I tried to set the path to the exe and that didn't help either. But GPG works correctly from the command line (version and key list display) and an other GPG enabled tool works correctly (I used the FireGPG Thundebird plugin). I tried uninstalling the Enigmail plugin and re-installing exactly the same xpi I used initialy but it did'nt help. I need some hints to where to look for. I suspect a broken config file. Where can I see why Enigmail fails to start GPG ? Jmm From eitanadlerlist at gmail.com Sat Oct 4 16:49:21 2008 From: eitanadlerlist at gmail.com (Eitan Adler) Date: Sat, 04 Oct 2008 19:49:21 -0400 Subject: [Enigmail] Enigmail stopped working - not on update In-Reply-To: References: Message-ID: Olav Seyfarth wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Hi Eitan, > >> After restarting my computer enigmail no longer works. >> I did not update Thunderbird. I am running version 2.0.17 >> I get an error message "enigmime service unavailable". > > this error typically shows up when you installed an enigmail > package that doesn't match your Mozilla / Thunderbird. It > needs to match your OS - and the compiler TB was built with. > > You composed your question using Thunderbird on FreeBSD i386. > Is this where you encountered your problem? If so, please > consider compiling (and contributing) a *recent* Enigmail package. I would be glad to. Can you point me to a guide. > >> I tried setting the location of gpg to /usr/local/bin/. > > This has nothing to do with the above error. > >> I also tried installing the extension. s/in/rein/ ;) > > *un*installing? Should be possible through Extras -> Addons, > -> Uninstall. > > Olav Thanks > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (MingW32) > Comment: Diese ist eine Digitale Signatur nach OpenPGP-Standard > Comment: Weitere Informationen: http://privat.seyfarth.de/olav/schluessel.html > > iEYEAREIAAYFAkjmmlIACgkQL/NBt8fdKe3C/ACfXiMDR+xErJar8KaQPcbAJ9iu > UigAnjJ+d5nfBFakrO9P18IzhSNDjZYd > =zIuC > -----END PGP SIGNATURE----- From eitanadlerlist at gmail.com Sat Oct 4 16:53:06 2008 From: eitanadlerlist at gmail.com (Eitan Adler) Date: Sat, 04 Oct 2008 19:53:06 -0400 Subject: [Enigmail] Sender under duress In-Reply-To: References: Message-ID: enigmail at devek.us wrote: > Is there some way that a person signing a message with enigmail can > indicate that they are under duress so that only the recipient will know? > Perhaps by using a different password or some other way? Cryptographic signatures are generally not meant to verify the honesty of the sender. They can only be used reliably to verify that a specific person sent a message. If you encounter a situation in which you can't trust the honesty of the message I would suggest looking at a completely different solution (such as an honest/distress word within the message or a three way handshake) > > I would have posted this on the forum, but trying to solve the captcha > gave me a headache.... Those damn captchas :} > > -Me > From John at Mozilla-Enigmail.org Sat Oct 4 17:58:09 2008 From: John at Mozilla-Enigmail.org (John Clizbe) Date: Sat, 04 Oct 2008 19:58:09 -0500 Subject: [Enigmail] Sender under duress In-Reply-To: References: Message-ID: <48E81121.7050305@Mozilla-Enigmail.org> Eitan Adler wrote: > Cryptographic signatures are generally not meant to verify the honesty > of the sender. They can only be used reliably to verify that a specific > person sent a message. I think you're layering too much meaning onto a cryptographic signature. All you can be reliably certain of, if the signature verifies, was that it was made with a given key and that the message was not altered in transit. The duress hypothesis of this thread is a perfect example that a signature does not guarantee that the keyholder is actually in control of the key. -- John P. Clizbe Inet:John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 679 bytes Desc: OpenPGP digital signature URL: From eitanadlerlist at gmail.com Sat Oct 4 17:57:17 2008 From: eitanadlerlist at gmail.com (Eitan Adler) Date: Sat, 04 Oct 2008 20:57:17 -0400 Subject: [Enigmail] Expect signature header proposal Message-ID: I think the following are fairly well accepted assumptions: 1) People generally notice the absence of a notice 2) Not everyone uses encryption 3) Even among those who do not everyone uses it all the time. When someone that does use encryption on a regular basis doesn't sign a message most people do not notice. I propose some kind of extra mail header such as "X-Expect-Sig-Always" be set if you plan on always signing your messages. Then if you receive a unsigned message from someone who has previously set that header Thunderbird show an obvious warning such as "This message is unsigned. Sender has notified you that all messages should be signed." or something to that extent -- Eitan From rjh at sixdemonbag.org Sat Oct 4 18:18:24 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Sat, 04 Oct 2008 21:18:24 -0400 Subject: [Enigmail] Expect signature header proposal In-Reply-To: References: Message-ID: <48E815E0.8010806@sixdemonbag.org> Eitan Adler wrote: > When someone that does use encryption on a regular basis doesn't sign a > message most people do not notice. I propose some kind of extra mail > header such as "X-Expect-Sig-Always" be set if you plan on always > signing your messages. This plan is error-prone, hard to implement correctly, and introduces some interesting attacks against the system. Sorry, but it's not going to work. From eitanadlerlist at gmail.com Sat Oct 4 18:19:41 2008 From: eitanadlerlist at gmail.com (Eitan Adler) Date: Sat, 04 Oct 2008 21:19:41 -0400 Subject: [Enigmail] Expect signature header proposal In-Reply-To: References: Message-ID: Robert J. Hansen wrote: > Eitan Adler wrote: >> When someone that does use encryption on a regular basis doesn't sign a >> message most people do not notice. I propose some kind of extra mail >> header such as "X-Expect-Sig-Always" be set if you plan on always >> signing your messages. > > This plan is error-prone, hard to implement correctly, and introduces > some interesting attacks against the system. > > Sorry, but it's not going to work. > > Can you be a bit more verbose? And can you think of anything else to solve the "not signed when it should be" problem? From rjh at sixdemonbag.org Sat Oct 4 18:31:53 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Sat, 04 Oct 2008 21:31:53 -0400 Subject: [Enigmail] Expect signature header proposal In-Reply-To: References: Message-ID: <48E81909.10401@sixdemonbag.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA224,SHA1 Eitan Adler wrote: > Can you be a bit more verbose? How do you know the X-Always-Expect-Sig header should be honored? You'd need to send some kind of cryptographically signed control message to every one of your recipients saying "yes, always expect signatures from me." Otherwise, the simple attack is to set X-Always-Expect-Sig to NO and presto, the mail kludge is bypassed. Ah, but now, you say, the trick is the mail server should always keep track of what each correspondent's state is. Fine: how do you expect the system to handle people who send email from multiple places? Or from people who get tired of Enigmail and uninstall it? Or who mess around with the system, get it set, and then have to deal with their messages all being flagged as suspect by their correspondents? What you're talking about doing is establishing a public key infrastructure. That's a hard problem, and mail kludges are simply not up to the task. > And can you think of anything else to solve the "not signed when it > should be" problem? I don't acknowledge the existence of a problem in the first place. Whether something should be signed is not up to the sender. Whether this message should be signed is not up to me. It's up to each person reading the message. If you feel like taking this message seriously, even knowing that it could have been tampered with in transit -- well, that's your call to make: this message doesn't need to be signed. If you feel otherwise, that, too, is your call to make, and this message should have been signed. But I, as the sender, get precisely _zero_ say in whether a message should have been signed. In voting security, one of our maxims is that voting security doesn't exist to persuade the winner he won, but the loser that he lost. After all, winners always think their victory counts. It's only losers who need to be persuaded. In communications security, an equivalent maxim would be that senders don't get a say in whether a message should be/needs to be signed. Only the message recipients do. ... So, in essence, you have: (a) misunderstood the problem, (b) seen a nonexistent problem instead, and (c) solved it badly. Sorry. -----BEGIN PGP SIGNATURE----- iFYEARELAAYFAkjoGQkACgkQI4Br5da5jhDYCQDcC/cqf3p417R9le6TE4rMY48k YkYI4ORUPPgomQDeNBHsHhxx/xGXfiph4kFr+8T52hiW4C+1v7WG84kBHAQBAQIA BgUCSOgZCQAKCRC3APSC/q+BCYvPB/97iZ9iSm2FBpoxUSm5Mo78ADAfa2Ovhsxb MbTILBDz9eKygusPa47vwlJfopLEZm0HKv99qrBVaiKUGpNSHsqxMAsA2JBPjxxw UXIkp1/dF/wZpqSVlZ0H1sUhR1ahGI45wYURMq44BBzgjeXsLfBkyJEAhnlQQ2uI Aryz8uzZjlyLhqWZECR3LkqS93wMDpyflEz5WogpaMZR1CdYn25yshb7HAjqHxXg qQb9sWN305TAEcumZclZ4OIj3p7CvFSanh5SJSKQK8N0t6XBMwl9PsT75YyIQrFF /cfhYj9c1SoOZvP/hnjU1RS+qLkudxAHfVgXsTKGwo2WIymzmTsN =8UyE -----END PGP SIGNATURE----- From rjh at sixdemonbag.org Sat Oct 4 18:41:02 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Sat, 04 Oct 2008 21:41:02 -0400 Subject: [Enigmail] Sender under duress In-Reply-To: <48E81121.7050305@Mozilla-Enigmail.org> References: <48E81121.7050305@Mozilla-Enigmail.org> Message-ID: <48E81B2E.6080605@sixdemonbag.org> John Clizbe wrote: > I think you're layering too much meaning onto a cryptographic > signature. Agreed. > All you can be reliably certain of, if the signature verifies, was > that it was made with a given key and that the message was not > altered in transit. Not quite. You can be assured the message was not altered between the time it was signed and the time it was delivered. You can't be assured the message wasn't altered, full stop. E.g., imagine a corporate mailserver that puts a signature on outgoing mail. Alice wishes to sign a contract electronically, so she sends an email to the vendor committing to a certain price per widget. Alice's co-worker wants to kill Alice's career, so Mallory alters Alice's message to commit to a much higher price. The message hits the mail server, which applies the signature and sends it out over the wire. When Alice attempts to repudiate the signature later, most people won't listen to her. After all, it was signed, right? And that means the message is intact, right? Don't laugh -- in corporate X.509 environments this sort of thing can and does happen, especially in shops that do everything at the server so they can guarantee they'll always have the keys to recover the data. It tends not to occur with Enigmail, though, since Enigmail applies the signature before the message leaves the PC at all. ... The upshot: in the general case, there's an important caveat. With respect to Enigmail, John is exactly right. From enigmail at jean-marc.meessen-web.org Sun Oct 5 01:29:51 2008 From: enigmail at jean-marc.meessen-web.org (Jean-Marc Meessen) Date: Sun, 05 Oct 2008 10:29:51 +0200 Subject: [Enigmail] Enigmail not detecting/enabling GPG anymore In-Reply-To: <453b5fe1a35ec941240cb4fc9925e424@mbox.freehostia.com> References: <453b5fe1a35ec941240cb4fc9925e424@mbox.freehostia.com> Message-ID: <48E87AFF.6010404@jean-marc.meessen-web.org> Here are additional information: It looks like a security related problem as when I start ThunderBird with sudo, and install the Enigmail package, GPG is correctly detected (as seen in the Enigmail preference option). But I don't understand what changed with the TB brutal shutdown and the reinitialisation of the account (I restarted from scrap). And GPG is visible and working with the normal user. Jmm enigmail at jean-marc.meessen-web.org a e'crit : > Hello, > > I had Thunderbird and Enigmail happily working together for several months. > As it is installed on a eeePC 701 (Xandros), I moved the mail folder to a > Truecrypt Folder. This configuration worked well until... > > Due to an improper shutdown the Truecrypt disk got corrupted (filenames > unreadable, etc.). Thunderbird was running when the TC disk was inproperly > dismounted. > > I saved as many files that I could and managed to have a working > Thunderbird configuration back on the rails. But Enigmails doesn't work > anymore: GPG is not detected anymore (setting window) and (from the TB > error console) it fails to initialize GPG (normal as it can't find it). I > tried to set the path to the exe and that didn't help either. > > But GPG works correctly from the command line (version and key list > display) and an other GPG enabled tool works correctly (I used the FireGPG > Thundebird plugin). > > I tried uninstalling the Enigmail plugin and re-installing exactly the same > xpi I used initialy but it did'nt help. > > I need some hints to where to look for. I suspect a broken config file. > Where can I see why Enigmail fails to start GPG ? > > Jmm > > _______________________________________________ > Enigmail mailing list > Enigmail at mozdev.org > https://www.mozdev.org/mailman/listinfo/enigmail > > From olav at mozilla-enigmail.org Sun Oct 5 07:19:32 2008 From: olav at mozilla-enigmail.org (Olav Seyfarth) Date: Sun, 05 Oct 2008 16:19:32 +0200 Subject: [Enigmail] Enigmail stopped working - not on update In-Reply-To: References: Message-ID: <48E8CCF4.4030401@mozilla-enigmail.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Eitan, > Can you point me to a guide. http://enigmail.mozdev.org/download/source.php Please send the compiled XPI to me along with a detached ascii signature (gpg -a -b package.xpi). I'll then include it in the download section. Good luck, Olav -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Diese ist eine Digitale Signatur nach OpenPGP-Standard Comment: Weitere Informationen: http://privat.seyfarth.de/olav/schluessel.html iEYEAREIAAYFAkjozPIACgkQL/NBt8fdKe1h9QCfa9Z03NtzTE2U2vMGwEs9RjX8 aTAAn0/z0opeaG+CxG0r6r2qaqa8QlAE =B2B3 -----END PGP SIGNATURE----- From olav at mozilla-enigmail.org Sun Oct 5 07:30:54 2008 From: olav at mozilla-enigmail.org (Olav Seyfarth) Date: Sun, 05 Oct 2008 16:30:54 +0200 Subject: [Enigmail] Enigmail not detecting/enabling GPG anymore In-Reply-To: <48E87AFF.6010404@jean-marc.meessen-web.org> References: <453b5fe1a35ec941240cb4fc9925e424@mbox.freehostia.com> <48E87AFF.6010404@jean-marc.meessen-web.org> Message-ID: <48E8CF9E.8010900@mozilla-enigmail.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Jean-Marc, > It looks like a security related problem as when I start ThunderBird > with sudo, and install the Enigmail package, GPG is correctly detected > (as seen in the Enigmail preference option). ... or with TB settings, or with shell environment variables, ... > And GPG is visible and working with the normal user. Enigmail related preferences (in ~/.thunderbird/profiles//prefs.js) start wirh "user_pref("extensions.enigmail.". Make sure no GnuPG path is set there and that Enigmail has the same envronment variables set as your shell. It must include a PATH to your gpg binary, usually /usr/bin/gpg . Olav -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Diese ist eine Digitale Signatur nach OpenPGP-Standard Comment: Weitere Informationen: http://privat.seyfarth.de/olav/schluessel.html iEYEAREIAAYFAkjoz50ACgkQL/NBt8fdKe0teACgr4/3APZs2LD4iSUsr8SDY0nM pZgAoKyrq6B0j6OP4beNTFzJOA3mFn3b =mjRJ -----END PGP SIGNATURE----- From enigmail at jean-marc.meessen-web.org Sun Oct 5 12:23:34 2008 From: enigmail at jean-marc.meessen-web.org (Jean-Marc Meessen) Date: Sun, 05 Oct 2008 21:23:34 +0200 Subject: [Enigmail] [Fwd: Re: Enigmail not detecting/enabling GPG anymore] Message-ID: <48E91436.2000501@jean-marc.meessen-web.org> Hello Olav, Thank you very much for leading my way to fix my problem. Olav Seyfarth a ?crit : > > > Enigmail related preferences (in ~/.thunderbird/profiles//prefs.js) > start wirh "user_pref("extensions.enigmail.". Make sure no GnuPG path is > set there Done. no path set > and that Enigmail has the same envronment variables set as your > shell. I have no idea how to check this. I searched Internet to try to figure this out but I have no clue. > It must include a PATH to your gpg binary, usually /usr/bin/gpg . > In a terminal window, when I type "echo $PATH" I get a path where the directory GPG is residing in (/usr/bin) correctly returned. How can I check this value while in Enigmail ? A tracing option maybe ? Jmm From eitanadlerlist at gmail.com Sun Oct 5 12:28:29 2008 From: eitanadlerlist at gmail.com (Eitan Adler) Date: Sun, 05 Oct 2008 15:28:29 -0400 Subject: [Enigmail] Enigmail stopped working - not on update In-Reply-To: References: Message-ID: Olav Seyfarth wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Hi Eitan, > >> Can you point me to a guide. > > http://enigmail.mozdev.org/download/source.php > > Please send the compiled XPI to me along with a detached ascii signature > (gpg -a -b package.xpi). I'll then include it in the download section. > > Good luck, > Olav > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (MingW32) > Comment: Diese ist eine Digitale Signatur nach OpenPGP-Standard > Comment: Weitere Informationen: http://privat.seyfarth.de/olav/schluessel.html > > iEYEAREIAAYFAkjozPIACgkQL/NBt8fdKe1h9QCfa9Z03NtzTE2U2vMGwEs9RjX8 > aTAAn0/z0opeaG+CxG0r6r2qaqa8QlAE > =B2B3 > -----END PGP SIGNATURE----- on step 2 of building enigmail (Compiling Enigmail-->2-->"make") I get /usr/bin/ld: cannot find -lxpcom gmake[2]: *** [libenigmime.so.1.0] Error 1 gmake[2]: Leaving directory `/home/tb/mozilla/mailnews/extensions/enigmail/build' gmake[1]: *** [libs] Error 2 gmake[1]: Leaving directory `/home/tb/mozilla/mailnews/extensions/enigmail' gmake: *** [all] Error 2 From eitanadlerlist at gmail.com Sun Oct 5 12:39:00 2008 From: eitanadlerlist at gmail.com (Eitan Adler) Date: Sun, 05 Oct 2008 15:39:00 -0400 Subject: [Enigmail] Sender under duress In-Reply-To: References: Message-ID: John Clizbe wrote: > Eitan Adler wrote: >> Cryptographic signatures are generally not meant to verify the honesty >> of the sender. They can only be used reliably to verify that a specific >> person sent a message. > > I think you're layering too much meaning onto a cryptographic signature. > > All you can be reliably certain of, if the signature verifies, was that it was > made with a given key and that the message was not altered in transit. > > The duress hypothesis of this thread is a perfect example that a signature does > not guarantee that the keyholder is actually in control of the key. > Alright. Thanks for that. note to self: be much more specific when posting in the future From olav at mozilla-enigmail.org Sun Oct 5 13:31:40 2008 From: olav at mozilla-enigmail.org (Olav Seyfarth) Date: Sun, 05 Oct 2008 22:31:40 +0200 Subject: [Enigmail] [Fwd: Re: Enigmail not detecting/enabling GPG anymore] In-Reply-To: <48E91436.2000501@jean-marc.meessen-web.org> References: <48E91436.2000501@jean-marc.meessen-web.org> Message-ID: <48E9242C.30808@mozilla-enigmail.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Jean-Marc, > In a terminal window, when I type "echo $PATH" I get a path where the > directory GPG is residing in (/usr/bin) correctly returned. well, maybe your shell sets an environment different than when you start TB through the start menu. Is the result the same when you start it from the shell? (first close all instances of TB, open your shell, make sure gpg is in path, start TB manually from the command line, try. > How can I check this value while in Enigmail ? A tracing option maybe ? OpenPGP -> Preferences Enable Expert Settings Debugging Tab, enter a DIRECTORY Restart TB and reproduce your problem check results of your debug DIR Olav -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Diese ist eine Digitale Signatur nach OpenPGP-Standard Comment: Weitere Informationen: http://privat.seyfarth.de/olav/schluessel.html iEYEAREIAAYFAkjpJCsACgkQL/NBt8fdKe0a3gCgrjrND6HJHVDiFmYJ0pNDMu/U s9IAniLRDxLhKl4zCpSM07OWR79+scHB =OZah -----END PGP SIGNATURE----- From patrick at mozilla-enigmail.org Mon Oct 6 00:41:03 2008 From: patrick at mozilla-enigmail.org (Patrick Brunschwig) Date: Mon, 06 Oct 2008 09:41:03 +0200 Subject: [Enigmail] Enigmail stopped working - not on update In-Reply-To: References: Message-ID: <48E9C10F.2040807@mozilla-enigmail.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >> Can you point me to a guide. > http://enigmail.mozdev.org/download/source.php > > Please send the compiled XPI to me along with a detached ascii signature > (gpg -a -b package.xpi). I'll then include it in the download section. > > Good luck, > Olav > on step 2 of building enigmail (Compiling Enigmail-->2-->"make") I get > /usr/bin/ld: cannot find -lxpcom > gmake[2]: *** [libenigmime.so.1.0] Error 1 > gmake[2]: Leaving directory > `/home/tb/mozilla/mailnews/extensions/enigmail/build' > gmake[1]: *** [libs] Error 2 > gmake[1]: Leaving directory `/home/tb/mozilla/mailnews/extensions/enigmail' > gmake: *** [all] Error 2 It looks like you made an error, but it's hard to tell with just the little information you gave what went wrong. I'm guessing that you either didn't compile the required Thunderbird parts properly (Step 1-4 of "Compiling Thunderbird") or your OBJDIR is wrong. HTH, Patrick -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEVAwUBSOnBDncOpHodsOiwAQJbPwgAmVJRduBkpv4QJ7Pf5Oq/w+SVlRJPZTZ1 giosYroqXnpvOnDTQ7YWKJlZhyhL7YqC+bIaXd5tQ18x6rX6ZMJPJ5obQ9mpW8nL va3ExIensGdvIE8vuPT2S/T3PtBiPSALZ59v4/zhz2Xur0EGtkBeGalWBiri654l vIFxjj1xAbxdfF4LCAk6sRKgRGqCoBRDqJlsEwCpfHgNk6KM6KF3aSFg64DI+8Z5 05t7rAVTK+b8QmLoCCE/gjfPcmWCvkqoHnkqv/177/ulI3L3Su4cTq9EyOAxeLPm 4UzCEUgcAwWOolOc13eplL+eGoxrFXkdLzm7HOm7AE+afLC2FgQwdQ== =d7SU -----END PGP SIGNATURE----- From eitanadlerlist at gmail.com Mon Oct 6 19:40:26 2008 From: eitanadlerlist at gmail.com (Eitan Adler) Date: Mon, 06 Oct 2008 22:40:26 -0400 Subject: [Enigmail] Enigmail stopped working - not on update In-Reply-To: References: Message-ID: Patrick Brunschwig wrote: > > It looks like you made an error, but it's hard to tell with just the > little information you gave what went wrong. I'm guessing that you > either didn't compile the required Thunderbird parts properly (Step 1-4 > of "Compiling Thunderbird") or your OBJDIR is wrong. > > HTH, > Patrick [snip] I ran through all the steps again. I got no errors whatsoever under the "make" after "./makemake". I followed the steps exactly as shown (I didn't change .mozconfig or -o or any other configuration files). my /etc/make.conf is PERL_VER=5.8.8 PERL_VERSION=5.8.8 /usr/bin/ld: cannot find -lxpcom --> are those flags? [tb at moo ~]$/usr/bin/ld /usr/bin/ld: no input files [tb at moo ~]$/usr/bin/ld -lxpcom /usr/bin/ld: cannot find -lxpcom is this a difference between Linux ld and BSD ld perhaps? /usr/local/bin/gmake export gmake[1]: Entering directory `/home/tb/mozilla/mailnews/extensions/enigmail' gmake[2]: Entering directory `/home/tb/mozilla/mailnews/extensions/enigmail/ipc' gmake[3]: Entering directory `/home/tb/mozilla/mailnews/extensions/enigmail/ipc/public' /home/tb/mozilla/config/nsinstall -R -m 644 nsIProcessInfo.idl nsIPipeTransport.idl nsIPipeConsole.idl nsIPipeListener.idl nsIPipeChannel.idl nsIPipeFilterListener.idl nsIIPCBuffer.idl nsIIPCService.idl ../../../../../dist/idl /home/tb/mozilla/config/nsinstall -R -m 644 _xpidlgen/nsIProcessInfo.h _xpidlgen/nsIPipeTransport.h _xpidlgen/nsIPipeConsole.h _xpidlgen/nsIPipeListener.h _xpidlgen/nsIPipeChannel.h _xpidlgen/nsIPipeFilterListener.h _xpidlgen/nsIIPCBuffer.h _xpidlgen/nsIIPCService.h ../../../../../dist/include/ipc gmake[3]: Leaving directory `/home/tb/mozilla/mailnews/extensions/enigmail/ipc/public' gmake[3]: Entering directory `/home/tb/mozilla/mailnews/extensions/enigmail/ipc/src' /home/tb/mozilla/config/nsinstall -R -m 644 IPCProcess.h ../../../../../dist/include/ipc gmake[3]: Leaving directory `/home/tb/mozilla/mailnews/extensions/enigmail/ipc/src' gmake[2]: Leaving directory `/home/tb/mozilla/mailnews/extensions/enigmail/ipc' gmake[2]: Entering directory `/home/tb/mozilla/mailnews/extensions/enigmail/public' /home/tb/mozilla/config/nsinstall -R -m 644 nsIEnigMsgCompFields.idl nsIEnigMimeService.idl nsIEnigMimeDecrypt.idl nsIEnigMimeVerify.idl nsIEnigMimeWriter.idl nsIEnigMimeHeaderSink.idl nsIEnigMimeListener.idl nsIEnigMimeReadCallback.idl ../../../../dist/idl /home/tb/mozilla/config/nsinstall -R -m 644 _xpidlgen/nsIEnigMsgCompFields.h _xpidlgen/nsIEnigMimeService.h _xpidlgen/nsIEnigMimeDecrypt.h _xpidlgen/nsIEnigMimeVerify.h _xpidlgen/nsIEnigMimeWriter.h _xpidlgen/nsIEnigMimeHeaderSink.h _xpidlgen/nsIEnigMimeListener.h _xpidlgen/nsIEnigMimeReadCallback.h ../../../../dist/include/enigmime gmake[2]: Leaving directory `/home/tb/mozilla/mailnews/extensions/enigmail/public' gmake[2]: Entering directory `/home/tb/mozilla/mailnews/extensions/enigmail/src' gmake[2]: Nothing to be done for `export'. gmake[2]: Leaving directory `/home/tb/mozilla/mailnews/extensions/enigmail/src' gmake[2]: Entering directory `/home/tb/mozilla/mailnews/extensions/enigmail/build' gmake[3]: Entering directory `/home/tb/mozilla/mailnews/extensions/enigmail/build/package' gmake[3]: Nothing to be done for `export'. gmake[3]: Leaving directory `/home/tb/mozilla/mailnews/extensions/enigmail/build/package' gmake[2]: Leaving directory `/home/tb/mozilla/mailnews/extensions/enigmail/build' gmake[2]: Entering directory `/home/tb/mozilla/mailnews/extensions/enigmail/ui' gmake[3]: Entering directory `/home/tb/mozilla/mailnews/extensions/enigmail/ui/content' gmake[3]: Nothing to be done for `export'. gmake[3]: Leaving directory `/home/tb/mozilla/mailnews/extensions/enigmail/ui/content' gmake[3]: Entering directory `/home/tb/mozilla/mailnews/extensions/enigmail/ui/skin' gmake[4]: Entering directory `/home/tb/mozilla/mailnews/extensions/enigmail/ui/skin/classic' gmake[4]: Nothing to be done for `export'. gmake[4]: Leaving directory `/home/tb/mozilla/mailnews/extensions/enigmail/ui/skin/classic' gmake[3]: Leaving directory `/home/tb/mozilla/mailnews/extensions/enigmail/ui/skin' gmake[2]: Leaving directory `/home/tb/mozilla/mailnews/extensions/enigmail/ui' gmake[2]: Entering directory `/home/tb/mozilla/mailnews/extensions/enigmail/package' /home/tb/mozilla/config/nsinstall -R -m 644 nsIEnigmail.idl ../../../../dist/idl /home/tb/mozilla/config/nsinstall -R -m 644 _xpidlgen/nsIEnigmail.h ../../../../dist/include gmake[2]: Leaving directory `/home/tb/mozilla/mailnews/extensions/enigmail/package' gmake[2]: Entering directory `/home/tb/mozilla/mailnews/extensions/enigmail/lang' /usr/bin/perl5 ./make-lang-xpi.pl ./current-languages.txt . gmake[2]: Leaving directory `/home/tb/mozilla/mailnews/extensions/enigmail/lang' gmake[1]: Leaving directory `/home/tb/mozilla/mailnews/extensions/enigmail' /usr/local/bin/gmake libs gmake[1]: Entering directory `/home/tb/mozilla/mailnews/extensions/enigmail' gmake[2]: Entering directory `/home/tb/mozilla/mailnews/extensions/enigmail/ipc' gmake[3]: Entering directory `/home/tb/mozilla/mailnews/extensions/enigmail/ipc/public' /home/tb/mozilla/config/nsinstall -R -m 644 _xpidlgen/ipc.xpt ../../../../../dist/bin/components gmake[3]: Leaving directory `/home/tb/mozilla/mailnews/extensions/enigmail/ipc/public' gmake[3]: Entering directory `/home/tb/mozilla/mailnews/extensions/enigmail/ipc/src' /home/tb/mozilla/config/nsinstall -R -m 644 libipc_s.a ../../../../../dist/lib gmake[3]: Leaving directory `/home/tb/mozilla/mailnews/extensions/enigmail/ipc/src' gmake[2]: Leaving directory `/home/tb/mozilla/mailnews/extensions/enigmail/ipc' gmake[2]: Entering directory `/home/tb/mozilla/mailnews/extensions/enigmail/public' /home/tb/mozilla/config/nsinstall -R -m 644 _xpidlgen/enigmime.xpt ../../../../dist/bin/components gmake[2]: Leaving directory `/home/tb/mozilla/mailnews/extensions/enigmail/public' gmake[2]: Entering directory `/home/tb/mozilla/mailnews/extensions/enigmail/src' /home/tb/mozilla/config/nsinstall -R -m 644 libenigmime_s.a ../../../../dist/lib gmake[2]: Leaving directory `/home/tb/mozilla/mailnews/extensions/enigmail/src' gmake[2]: Entering directory `/home/tb/mozilla/mailnews/extensions/enigmail/build' rm -f libenigmime.so.1.0 c++ -I/usr/X11R6/include -I/usr/X11R6/include -fno-rtti -fno-exceptions -Wall -Wconversion -Wpointer-arith -Wcast-align -Woverloaded-virtual -Wsynth -Wno-ctor-dtor-privacy -Wno-non-virtual-dtor -Wno-long-long -pedantic -fshort-wchar -pipe -DNDEBUG -DTRIMMED -O -fPIC -shared -Wl,-h,libenigmime.so.1.0 -o libenigmime.so.1.0 nsEnigModule.o -Wl,--whole-archive ../src/libenigmime_s.a ../ipc/src/libipc_s.a -Wl,--no-whole-archive -L../../../../dist/bin -L../../../../dist/lib -L../../../../dist/bin -lxpcom -lxpcom_core -L../../../../dist/lib -lxpcom_compat -L../../../../dist/lib -lplds4 -lplc4 -lnspr4 -pthread -Wl,-Bsymbolic -lm /usr/bin/ld: cannot find -lxpcom gmake[2]: *** [libenigmime.so.1.0] Error 1 gmake[2]: Leaving directory `/home/tb/mozilla/mailnews/extensions/enigmail/build' gmake[1]: *** [libs] Error 2 gmake[1]: Leaving directory `/home/tb/mozilla/mailnews/extensions/enigmail' gmake: *** [all] Error 2 From eitanadlerlist at gmail.com Tue Oct 7 15:56:43 2008 From: eitanadlerlist at gmail.com (Eitan Adler) Date: Tue, 07 Oct 2008 18:56:43 -0400 Subject: [Enigmail] Expect signature header proposal In-Reply-To: References: Message-ID: [snip] Alright - what about this scenario: Bob is security conscience and always signs his messages sent to Alice. Dora wants to harm Bob's career and she sends a forged message claiming to be from Bob to Alice. Alice is an ordinary human and does not notice the missing "this message is signed" notice and therefore acts upon this message. Bob's career is ruined. Alice also gets messages from many people that don't sign their emails. It would ruin the effect of an "unsigned message" notice if she got it for every message that had no signature. Even if it is not a header there should be some way to enable/disable a "unsigned message" notice per user. From jmoore3rd at bellsouth.net Tue Oct 7 16:37:03 2008 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Tue, 07 Oct 2008 19:37:03 -0400 Subject: [Enigmail] Expect signature header proposal In-Reply-To: References: Message-ID: <48EBF29F.6060300@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Eitan Adler wrote: > Even if it is not a header there should be some way to enable/disable a > "unsigned message" notice per user. Er.... At the risk of sounding rude & 'short' I'd like to point out that there is such a 'feature'; it is called the practice of 'due diligence' on the part of the Message Recipient. If Bob 'Signs' /every/ Message and Alice fails to notice/observe that a Message "from Bob" is un-Signed prior to taking action on the contents of said Message without confirming with Bob then the 'negligence' rests with Alice. Period! If Alice is so careless as to not observe that the Signature is absent; what guarantees that Alice would notice the 'notice' that "This Message is Not Signed"? In the litigious Society in which We now live Your 'scenario' would probably result in the next Message received by Alice being from Bob's attorney. The onus for Bob's career woes would rest squarely on Alice's shoulders. Only the presence of a verified Signature from Bob carries any significant meaning. The absence of the customary Signature should alert Alice to double check the veracity of the missive _prior_ to taking action based solely upon said Message. I fail to see the practicality of even attempting to 'idiot proof' the absence of a Signature. If Alice [or any Recipient] is so security careless as to not observe the lack of a verified Signature then there is no protocol that will correct Her foolishness. :-\ JOHN ;) Timestamp: Tuesday 07 Oct 2008, 19:36 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10-svn4845: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJI6/KdAAoJEBCGy9eAtCsPnzgH/3bnlflNmxtI6U0H3Nr5avf9 MTvi1MnRLgJgU8rkiIrXfLwqb9QqVaWx6pasYaZ7QNZYO+28eSUBePGbJ0G0TDB5 ral3XohAR4jAUm50Ckyp5WLqEjoA4itxLu1tagmlTNuCfmYIMQ1fHdxp8FJZ28uw EVcIV1JZ/Va73pxYzDXYR4Ijw2aMnesbX0EwXFH+jIIRMsaepTC9xm5zNlTXWZnW y6WH1htYyEM1QGuXSqPGXgg1LUfmSGNXY6mRGNuteRRlKvo2hRTkcAGHNosE6jpp 2t2dqcUX53r9KC/ZDCA7n3k5iKyAA900+CBVjdd3KWLi8y4mewmQ+4hiigreKQY= =6MgW -----END PGP SIGNATURE----- From alaric at metrocast.net Tue Oct 7 16:48:30 2008 From: alaric at metrocast.net (Phil Stracchino) Date: Tue, 07 Oct 2008 19:48:30 -0400 Subject: [Enigmail] Expect signature header proposal In-Reply-To: <48EBF29F.6060300@bellsouth.net> References: <48EBF29F.6060300@bellsouth.net> Message-ID: <48EBF54E.4010607@metrocast.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 John W. Moore III wrote: > Eitan Adler wrote: > >> Even if it is not a header there should be some way to enable/disable a >> "unsigned message" notice per user. > > Er.... At the risk of sounding rude & 'short' I'd like to point out > that there is such a 'feature'; it is called the practice of 'due > diligence' on the part of the Message Recipient. If Bob 'Signs' /every/ > Message and Alice fails to notice/observe that a Message "from Bob" is > un-Signed prior to taking action on the contents of said Message without > confirming with Bob then the 'negligence' rests with Alice. Period! I'll see your "due diligence" and raise you one "attentional blindness". "Due diligence" at the zero-errors level is something that very few, if any, human beings are *capable* of maintaining all day, every day. - -- Phil Stracchino, CDK#2 DoD#299792458 ICBM: 43.5607, -71.355 alaric at caerllewys.net alaric at metrocast.net phil at co.ordinate.org Renaissance Man, Unix ronin, Perl hacker, Free Stater It's not the years, it's the mileage. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEAREIAAYFAkjr9U4ACgkQ0DfOju+hMkno/gCdFSzHaZnBkmSkydJ6PVFCUjsV w8oAoOwiXG/5C2tFSgwWd92yqJDbXjWq =wIvh -----END PGP SIGNATURE----- From jmoore3rd at bellsouth.net Tue Oct 7 16:55:49 2008 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Tue, 07 Oct 2008 19:55:49 -0400 Subject: [Enigmail] Expect signature header proposal In-Reply-To: <48EBF54E.4010607@metrocast.net> References: <48EBF29F.6060300@bellsouth.net> <48EBF54E.4010607@metrocast.net> Message-ID: <48EBF705.2030804@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Phil Stracchino wrote: > I'll see your "due diligence" and raise you one "attentional blindness". > "Due diligence" at the zero-errors level is something that very few, if > any, human beings are *capable* of maintaining all day, every day. Possibly true; then Alice is probably related to the carpenter who was heard exclaiming "I'm confused; I've cut it twice and it's still too short." :) JOHN ;) Timestamp: Tuesday 07 Oct 2008, 19:55 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10-svn4845: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJI6/cCAAoJEBCGy9eAtCsP8jMIAJqkh/SN6Hc4llb5NckSnHQn /MR2SoquBLcqbSFdGEX4tG+JW+ZJXpaug6cGAoX0tzCXlo4eeZ5S3dx6L6YOSmh/ JdVw8l6mk7XQ31xtUTV5JEewkHqqIZtFsbjug/ZEmlpoM+H3TPwnqvm2Dv8Yj05H ztqwuCYvEACzEoZFDqaSXb9+SV5puzj2alxNbLsWL46fe2Ucp1IPEsNeFiA3q2kP vcENzC3Bq8lFxKlrT/1noztfHfFyB0bv1+Qp+k9cxh8kZYiwpOfK+4RaC33FuyZC IB6PrOaMQNWF8hIK7EXa3CS6mvg8HrXYzoTLCLqTPYcm8PnLN9dZhEdJbeGu1m8= =cajl -----END PGP SIGNATURE----- From rjh at sixdemonbag.org Tue Oct 7 17:07:32 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 07 Oct 2008 20:07:32 -0400 Subject: [Enigmail] Expect signature header proposal In-Reply-To: References: Message-ID: <48EBF9C4.3080506@sixdemonbag.org> Eitan Adler wrote: > Alright - what about this scenario: This is the last one you get for free. After this, I start billing $150/hr. for security consulting. > Bob is security conscience and always signs his messages sent to Alice. Sure. > Dora wants to harm Bob's career and she sends a forged message claiming > to be from Bob to Alice. Alice is an ordinary human and does not notice > the missing "this message is signed" notice and therefore acts upon this > message. Bob's career is ruined. Alice also gets messages from many > people that don't sign their emails. It would ruin the effect of an > "unsigned message" notice if she got it for every message that had no > signature. Bogus. Let's put this into a more realistic scenario. Imagine that I'm still in graduate school and I'm the TA for a class. A student is angry at me for his failing grade, and decides to get payback by posting messages in my name to white supremacist mailing lists. I get hauled in front of the dean and asked to explain my actions. "What actions?" I get presented with the messages. "They're not from me! I never signed these -- I sign all my emails! I have a five year record of signing my emails! Everyone in the department knows this! Are you kidding me?!" The dean nods. "Yes, Rob. We know you didn't sign them. We're assuming it's because you wanted to repudiate them later if we ever found them. You'll understand if we suspend you from your university posting while we get to the bottom of this, right?" Moral of the story: what you want crypto to do, it cannot do. If it could, then the alternative would be just as bad: it would give anyone a free pass to deny responsibility for anything they wrote just by failing to sign the message. > Even if it is not a header there should be some way to enable/disable a > "unsigned message" notice per user. And while you're at it, everyone should have a pony. That doesn't mean everyone's going to get one, or that everyone is even capable of stabling one. There are a lot of things in crypto that are "should". Fortunately for us, we get to deal with a different question: "can we do this, and if so, what are the tradeoffs?" Even then, that's a hideously complex question. Fortunately, it's still within the realm of tractability. From John at Mozilla-Enigmail.org Tue Oct 7 17:13:25 2008 From: John at Mozilla-Enigmail.org (John Clizbe) Date: Tue, 07 Oct 2008 19:13:25 -0500 Subject: [Enigmail] Expect signature header proposal In-Reply-To: References: Message-ID: <48EBFB25.5070703@Mozilla-Enigmail.org> Eitan Adler wrote: > [snip] > Alright - what about this scenario: > > Bob is security conscience and always signs his messages sent to Alice. > Dora wants to harm Bob's career and she sends a forged message > claiming to be from Bob to Alice. Alice is an ordinary human and does > not notice the missing "this message is signed" notice and therefore > acts upon this message. Bob's career is ruined. Alice also gets > messages from many people that don't sign their emails. It would ruin > the effect of an "unsigned message" notice if she got it for every > message that had no signature. > > Even if it is not a header there should be some way to enable/disable a > "unsigned message" notice per user. Your header kludge is subject to so many easy attacks as to be unworkable. Crypto can solve some problems very very well. This is not one of them. -- John P. Clizbe Inet:John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 679 bytes Desc: OpenPGP digital signature URL: From eitanadlerlist at gmail.com Tue Oct 7 18:03:29 2008 From: eitanadlerlist at gmail.com (Eitan Adler) Date: Tue, 07 Oct 2008 21:03:29 -0400 Subject: [Enigmail] Expect signature header proposal In-Reply-To: References: Message-ID: John W. Moore III wrote: > > The onus for Bob's career woes would rest squarely on Alice's shoulders. > Only the presence of a verified Signature from Bob carries any > significant meaning. The absence of the customary Signature should > alert Alice to double check the veracity of the missive _prior_ to > taking action based solely upon said Message. First off how would she know that the "customary" signature is missing. Secondly it is will established among most psychologists that people do not notice the absence of some specific object or sign even if that object is there on a regular basis. Even without the header idea, which I now agree was a bad initial choice, the UI to enable a warning on the non-existence of a signature based on sender should still exist. To quote John Moore: "Due diligence" at the zero-errors level is something that very few, if any, human beings are *capable* of maintaining all day, every day. What you are proposing is a system similar to people noticing when the little padlock in their browser is missing. This system has been scraped (somewhat) for a more obvious alternative of alerting the end user when problems exist with the certificate in a clear and effective manner. This system IMHO works a lot better than the one where we expect users to go against their nature. I fail to see the > practicality of even attempting to 'idiot proof' the absence of a > Signature. I do not propose 'idiot proof', only 'better than we have it now'. If Alice [or any Recipient] is so security careless as to > not observe the lack of a verified Signature then there is no protocol > that will correct Her foolishness. :-\ > > JOHN ;) From eitanadlerlist at gmail.com Tue Oct 7 18:12:29 2008 From: eitanadlerlist at gmail.com (Eitan Adler) Date: Tue, 07 Oct 2008 21:12:29 -0400 Subject: [Enigmail] Expect signature header proposal In-Reply-To: References: Message-ID: Robert J. Hansen wrote: > Eitan Adler wrote: [snip] > >> Bob is security conscience and always signs his messages sent to Alice. > > Sure. > >> Dora wants to harm Bob's career and she sends a forged message claiming >> to be from Bob to Alice. Alice is an ordinary human and does not notice >> the missing "this message is signed" notice and therefore acts upon this >> message. Bob's career is ruined. Alice also gets messages from many >> people that don't sign their emails. It would ruin the effect of an >> "unsigned message" notice if she got it for every message that had no >> signature. > > Bogus. > > Let's put this into a more realistic scenario. Imagine that I'm still > in graduate school and I'm the TA for a class. A student is angry at me > for his failing grade, and decides to get payback by posting messages in > my name to white supremacist mailing lists. > > I get hauled in front of the dean and asked to explain my actions. > "What actions?" I get presented with the messages. "They're not from > me! I never signed these -- I sign all my emails! I have a five year > record of signing my emails! Everyone in the department knows this! > Are you kidding me?!" > > The dean nods. "Yes, Rob. We know you didn't sign them. We're > assuming it's because you wanted to repudiate them later if we ever > found them. You'll understand if we suspend you from your university > posting while we get to the bottom of this, right?" > [snip] The fundamental difference between my scenario and yours is that the state of "always signing" is not with the sender but with recipient. The recipient always gets signed messages regardless of whether not the sender always signs all messages. The sender is still free to send unsigned messages, and unsigned messages can still be traced back to the sender in scenario you presented. From rjh at sixdemonbag.org Tue Oct 7 18:22:28 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 07 Oct 2008 21:22:28 -0400 Subject: [Enigmail] Expect signature header proposal In-Reply-To: References: Message-ID: <48EC0B54.9010809@sixdemonbag.org> Eitan Adler wrote: > Secondly it is will established among most psychologists that people do > not notice the absence of some specific object or sign even if that > object is there on a regular basis. I'd like to see a citation for this, please. It seems to be an unusual claim to make. I think I would notice if my apartment door was missing, or my toilet, or the buttons on the elevator, or any of many, many other things in my daily life. It may be the case that some certain classes of objects are prone to being overlooked, but as a general statement about reality I just don't see it holding true. > Even without the header idea, which I now agree was a bad initial > choice, the UI to enable a warning on the non-existence of a signature > based on sender should still exist. Sure. You get to be the one to support all the users who drown the mailing list with "since I installed Enigmail, almost all of my messages have been giving me error messages! Help!" You continue to obsess over the "should," and neglect the "can we and with what tradeoffs". > This system IMHO works a lot better than the one where we > expect users to go against their nature. Both systems have been roundly excoriated by people working in HCI. They're both really bad. True story. My friend Peter Likarish has come up with a phenomenally cool anti-phishing technology. (I can't talk about it since it's prepublication. But it _works_. I think in five years his technique might well be a standard part of every browser.) For user testing, he packaged it up into a Firefox browser extension. Whenever the user visited a phishing site, it would put a small red banner across the top of the content pane. "This may be a phishing site. Click to dismiss this warning." Of 25 users, _not one_ reported seeing the banner. That's right. Not a single one. His 25 users were not technically proficient, it's true, but that was a deliberate choice on his part. He wanted to make antiphishing technologies useful for the average user. But not a single one saw it. So Peter went back to the drawing board. Now, the banner would start off small, but would slowly grow to cover a quarter of the content pane. Of 25 users, _not one_ reported seeing the new, creeping-growth banner. When he asked users later what they saw, they attributed it to "a pop-up ad" or "just another Microsoft warning". They were aware that it existed, but they never bothered to look at it. When Peter told me this, I was incredulous. Then Peter got very frustrated and asked me if I wanted to see the video of a user who reported not seeing the banner at all. You can see this person's eyes steadily moving down the screen as the banner grows. The banner is right there in front of them, and they don't even see it. ... Moral of the story: whenever anyone tells me "I have an idea to make this warning clearer for newbies," my first question is "great: have you done usability testing yet?" Because if you haven't, then I really can't talk about your idea. Everyone has a way to make it clearer and easier. Maybe one in a thousand will actually work. From rjh at sixdemonbag.org Tue Oct 7 18:25:15 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 07 Oct 2008 21:25:15 -0400 Subject: [Enigmail] Expect signature header proposal In-Reply-To: References: Message-ID: <48EC0BFB.7010305@sixdemonbag.org> Eitan Adler wrote: > The fundamental difference between my scenario and yours is that the > state of "always signing" is not with the sender but with recipient. The > recipient always gets signed messages regardless of whether not the > sender always signs all messages. At this point you've walked away from reality and straight into the realm of wild fantasy. Sorry. I have no more time for this. From rjh at sixdemonbag.org Tue Oct 7 18:48:02 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Tue, 07 Oct 2008 21:48:02 -0400 Subject: [Enigmail] Expect signature header proposal In-Reply-To: References: Message-ID: <48EC1152.90108@sixdemonbag.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Eitan Adler wrote: > The fundamental difference between my scenario and yours is that the > state of "always signing" is not with the sender but with recipient. The > recipient always gets signed messages regardless of whether not the > sender always signs all messages. > > The sender is still free to send unsigned messages, and unsigned > messages can still be traced back to the sender in scenario you presented. What the hell. I'll take one last pass at it. Next one I start charging consulting fees for, though. "'Always signing' is not with the sender but with recipient." I don't know how to respond to this. In the realm of coherent, well-founded statements, this ranks up there with "the business of the book sleeps eternally" and "colorless green ideas sleep furiously". In terms of mathematical formalism, you have committed what is called "category error." Dan Simmons has explained it as "... the term for having stated or defined a problem so poorly that it becomes impossible to solve that problem, through dialectic or any other means." Or, formally speaking, it is the error of ascribing properties to a thing which cannot possibly have those properties. Imagine that after Pearl Harbor, FDR were to have told the American people "our ships were destroyed by Japanese planes based on Japanese carriers who flew to Hawaii and dropped bombs on us. Therefore, today the United States is at war with naval aviation, since naval aviation is the one culpable for this disaster." You'd think there was a slight misunderstanding on FDR's part about what had happened and who/what was ultimately responsible, right? The statement "'Always signing' is not with the sender but with recipient" is pretty much like that. http://en.wikipedia.org/wiki/Category_error The sender gets to decide whether messages are signed. The recipient gets to decide whether a signature is necessary for the message to be trusted. If you want to say "users should have the option of saying, 'I want all messages to be signed, and if they aren't, Enigmail should warn me"... fine. Enigmail already does this -- and you know this -- and John Moore has explicitly pointed it out to you. If the message has a correct signature from a validated key, it puts a neat little green bar at the top of the screen. No green bar? Well, then consider yourself warned. Changing this to a red bar will not change a blessed thing. If you teach yourself to tune out looking for that green bar, should we really believe you're going to suddenly notice a red bar? If we put up a screen that says "This message wasn't signed. Do you really want to read it?", we're just going to train people to click "Yes" and ignore the warning altogether. (Which is, incidentally, already what people are doing with the new Firefox warning screen.) Category error: defining a problem so poorly it becomes impossible to solve that problem. You've defined your problem as "Enigmail doesn't give effective warnings in the absence of a signature." As long as you define the problem that way, you will never address your underlying issue. -----BEGIN PGP SIGNATURE----- iFYEAREIAAYFAkjsEVEACgkQI4Br5da5jhAQoADgqB6ApcgXZGjyCeX5DATJuZoU er15V29DrvU3NwDgqJ1TKZcEva0IrZqVbaxtJqMXYjuDi2Q4TAm4lokBHAQBAQgA BgUCSOwRUQAKCRC3APSC/q+BCe1vB/9CuJvPVu/IgGmMmvE1mze7K5fU/GT7/akx lXUTY+2u3rJDBD4ptLA/NyqFwvF4Xzsep/YNOprUW6PbRg92Nm1WxGX8LAgZsemI btJaLFPZhCV0VqfBbsyjKaDYXNM5MzQVK7q46GqEUyGzLwAlWCZunoHWCGi55BfU gkiphQdNKxNwgeNwocSG7cUC2h4FOiL7RtUkY3a7EM5SSEVQ6HLOXfc+8NE/9Bnx c888HbY1fl68RgEAPTu/IaLKW34DfVkfOunaro9Y0ylv2V2UzdjD80CTVwRAfMf0 mmY/jxQHuUqeb/PgP9o9L1HStWUZqQafFTiIZ56bmkadUk4Zi0Dp =4rC/ -----END PGP SIGNATURE----- From jmoore3rd at bellsouth.net Tue Oct 7 20:31:40 2008 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Tue, 07 Oct 2008 23:31:40 -0400 Subject: [Enigmail] Expect signature header proposal In-Reply-To: References: Message-ID: <48EC299C.7060603@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Eitan Adler wrote: > To quote John Moore: "Due diligence" at the zero-errors level is > something that very few, if any, human beings are *capable* of > maintaining all day, every day. Wrong attribution; Phil S. said this. > What you are proposing is a system similar to people noticing when the > little padlock in their browser is missing. This system has been > scraped (somewhat) for a more obvious alternative of alerting the end > user when problems exist with the certificate in a clear and effective > manner. This system IMHO works a lot better than the one where we > expect users to go against their nature. No, I was following Your scenario wherein Bob _always_ Signs His Messages. Presumably Alice is aware of this if She has received any prior messages from Bob so the absence of a Signature should be noticeable. Either the Signature Block is there or it isn't. If using Enigmail then the 'Enigmail/OpenPGP Bar' will be visible in Thunderbird or SeaMonkey indicating a Signature is present and whether or not it was verifiable. No color coded Sig 'Bar' in Enigmail indicates that there is no Signature on the Message. Just because Alice failed to notice that Bob didn't sign doesn't excuse Alice from acting on unconfirmed information. If Alice is capable of 'ruining careers' simply on the basis of an unconfirmed Email then She obviously has too much Power combined with too little education/training. > I do not propose 'idiot proof', only 'better than we have it now'. What 'We have now' is elegantly simple and depends only upon the Recipient using their eyes for a visual examination of the presence of a Signature. In theory, Human Beings are more intelligent than a machine; unless You have more faith in the Software than I. Of course, insertion of the Human Judgment Factor is always the weakest link in every Security chain. :( JOHN ;) Timestamp: Tuesday 07 Oct 2008, 23:31 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10-svn4845: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJI7CmbAAoJEBCGy9eAtCsPP5QH/13I5FpG1by03jY1mBIus2OV egtS//WBST3IxjFRmS9pvPnlFE2VPTMRFW4dfv2v/w1MkEFa19cZcULQwYvEFHh+ LLHrILu2bau+NvBV09+qVoNXxSlc3d+W78cIkzMzOSQFKxKvHhxGa6brd2TXrrp/ 2K9LnOi2syPVinUEfFj9USMQp0+BB6klIBL/Ku2om5atYEZKKbDvR64clVgZGq0r QIHdGlgAW1u4xDyZyt8ihtK2oecqBMzHJVdt6OgrAs3q698iyLCROMnloNfiFW+H F8FEi/38Xtb7bzw8bLJOuAnKQlOiWeNGEQ4FYbmoSvYiB/BmBjxeN1hY8xokmSw= =5bKv -----END PGP SIGNATURE----- From jmoore3rd at bellsouth.net Tue Oct 7 20:46:01 2008 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Tue, 07 Oct 2008 23:46:01 -0400 Subject: [Enigmail] Expect signature header proposal In-Reply-To: <48EC0B54.9010809@sixdemonbag.org> References: <48EC0B54.9010809@sixdemonbag.org> Message-ID: <48EC2CF9.2060100@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Robert J. Hansen wrote: > When he asked users later what they saw, they attributed it to "a pop-up > ad" or "just another Microsoft warning". They were aware that it > existed, but they never bothered to look at it. Excellent! Further 'proof' that People do not 'see' what they don't want to see. "Just another Microsoft Warning" indicates that most folks ignore it when being told 'Danger, Will Robinson!' & that they will blindly 'click through' and later wonder how they got conned or became infected. This reinforces My long held belief that it is impossible to protect folks from themselves. :-\ Why Governments continue to waste Taxpayer money attempting to do so continues to frustrate Me. Think Seat Belt & Motorcycle Helmet laws; those who choose to ignore the Safety Warnings are only jeopardizing themselves. No One should ever be inconvenienced by any Authority attempting to protect people from themselves. :-D JOHN ;) Timestamp: Tuesday 07 Oct 2008, 23:45 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10-svn4845: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJI7Cz4AAoJEBCGy9eAtCsPrWMH/3Yj9GjE1+oFGu+yOCzyZCix tTlr3cAOjb+hOBE8n4GOxT+f8+rMvYB87BT1tdB8fcxkFrULEU5YwqcsR+7G/jBM Q2YWsxWxSlE/WfyLukGjemZY5NEXL8nq6gE6128zJY+JVE6Ihf7Z5DIMoTG9p1Xt kzXlhkfzxFMzrbk2LKOMSLj41kC3HFg/PeJCf23iulaUWLS7v1X6A9vh3wnxHD37 iT+k9R9jTPgvc4hc7wdY+7X+bqXBl8ENj1FWTbFd70n+28TAtoUCbk/qBIzjCxWl CN7N+RnZK3FPTpm1ktDNO8ko7nt23aCie+aZXl/em3yIag+is62ENLNF0cjHutA= =dThl -----END PGP SIGNATURE----- From jmoore3rd at bellsouth.net Tue Oct 7 20:56:50 2008 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Tue, 07 Oct 2008 23:56:50 -0400 Subject: [Enigmail] Expect signature header proposal In-Reply-To: <48EC1152.90108@sixdemonbag.org> References: <48EC1152.90108@sixdemonbag.org> Message-ID: <48EC2F82.306@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Robert J. Hansen wrote: > screen that says "This message wasn't signed. Do you really want to > read it?", we're just going to train people to click "Yes" and ignore > the warning altogether. It would also be the Genesis of a 2 week thread and another Section in the Manual discussing how to 'Disable' this useless Warning Screen. Given the extremely small percentage of _all_ Email that is cryptographically Signed the appearance of this 'Warning' on 99% of received Email would quickly become extremely annoying. S/MIME Digital Signatures are seldom noticed unless One specifically checks to see if they have been employed. How many folks Open the header on every received Email to see if an x.509 Signature has been affixed? JOHN ;) Timestamp: Tuesday 07 Oct 2008, 23:53 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10-svn4845: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJI7C9/AAoJEBCGy9eAtCsP4gQH/2ixYb3ZEhsOpYGljqPZPL7d O7dMHUOFRSAM4buGbTx5+P1ptJQxjrl7FVlTCfYJCxw9ZqPnuXCK9Nwo1TvOL7/p i2GsG8sgrfOzoPYa9o+rs4/SIwNV8qMeYaHw2COzyZ1KLNAHm534myjyZ0TCkmbM a13z9l8EseH6vZK5qIGJmJgCnkXh5TKuix3f8gPO2oLsu53dxEMGfJDJW5zAy+Yq rkr0k0nEVE6H1TTBa0ClkC1vK76I2Y4QNKg2KYr1jCj/Tn3GYF/yOAA0q1tvFeXo TcIJRVNOWq10Q9EnsphKKr+xNF8vemZmqBAm1G0OLKL38Rth++hk/d7Y6HQT2E8= =vLXC -----END PGP SIGNATURE----- From faramir.cl at gmail.com Tue Oct 7 21:39:10 2008 From: faramir.cl at gmail.com (Faramir) Date: Wed, 08 Oct 2008 00:39:10 -0400 Subject: [Enigmail] Expect signature header proposal In-Reply-To: <48EC2CF9.2060100@bellsouth.net> References: <48EC0B54.9010809@sixdemonbag.org> <48EC2CF9.2060100@bellsouth.net> Message-ID: <48EC396E.40707@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 John W. Moore III escribi?: > ignore it when being told 'Danger, Will Robinson!' & that they will > blindly 'click through' and later wonder how they got conned or became > infected. This reinforces My long held belief that it is impossible to > protect folks from themselves. :-\ Why Governments continue to waste > Taxpayer money attempting to do so continues to frustrate Me. Think And sometimes their efforts become annoying... some time ago, when I visited a site with a certificate from CAcert, I got a warning about the certificate, and I could check the certificate to decide what to do. Now I get a big message saying "you must close this page"... I couldn't find the option to check the certificate... of course, I was not happy..... > Seat Belt & Motorcycle Helmet laws; those who choose to ignore the > Safety Warnings are only jeopardizing themselves. No One should ever be Well, some people can disagree... somebody without a seat belt can kill another passenger who was using his own seat belt, in case of an accident... And people using a computer infected with virus spread them and put in danger their contacts (of course, the contacts should know how to protect themselves). > inconvenienced by any Authority attempting to protect people from > themselves. :-D Yes, the less intrusive way to protect people from themselves is education, but you can't educate people that doesn't care... :( Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJI7DluAAoJEMV4f6PvczxA8RIH/25uUWNFdaiTiQwE7aCtAwF2 wqvkmYB+WzkW5a/wQ5CLheBYx1TGju0WJF295wpl1KpNcA+g5GR5UVRgLPkSy3fa mp4HREYbbtC4+mOyUZX7e5dVrJZjaxOfRBy9CvPHCVmbtbM4RUeBKRLhFYPNmQES QM2c0vVayebqjOplSc9ByA/bGBfAuMH6Axe5pvS4YsJunsm899ppGoxyLBk5KoAF vgg/jBinHfHyCAnbUJ6GvuJ6diUOpTCIIhKQzQmhdim5lNgZUoXQqKlmh8S5Ujx7 Ys3Bg5OEzKQBbbXS1sRDcCeQJI6tmtD2pQQFgxYtSIGOdnJcbdgZoa2z4s1Ni1k= =7Vlq -----END PGP SIGNATURE----- From patrick at mozilla-enigmail.org Tue Oct 7 22:11:55 2008 From: patrick at mozilla-enigmail.org (Patrick Brunschwig) Date: Wed, 08 Oct 2008 07:11:55 +0200 Subject: [Enigmail] Enigmail stopped working - not on update In-Reply-To: References: Message-ID: <48EC411B.5060102@mozilla-enigmail.org> Eitan Adler wrote: > Patrick Brunschwig wrote: >> >> It looks like you made an error, but it's hard to tell with just the >> little information you gave what went wrong. I'm guessing that you >> either didn't compile the required Thunderbird parts properly (Step 1-4 >> of "Compiling Thunderbird") or your OBJDIR is wrong. >> >> HTH, >> Patrick > [snip] > I ran through all the steps again. I got no errors whatsoever under the > "make" after "./makemake". I followed the steps exactly as shown (I > didn't change .mozconfig or -o or any other configuration files). > my /etc/make.conf is > PERL_VER=5.8.8 > PERL_VERSION=5.8.8 > > /usr/bin/ld: cannot find -lxpcom --> are those flags? xpcom is a library. > [tb at moo ~]$/usr/bin/ld > /usr/bin/ld: no input files > [tb at moo ~]$/usr/bin/ld -lxpcom > /usr/bin/ld: cannot find -lxpcom > > is this a difference between Linux ld and BSD ld perhaps? Maybe, but I think that Mozilla's configure would know about it. Which version of gcc do you use? -Patrick From patrick at mozilla-enigmail.org Tue Oct 7 22:15:11 2008 From: patrick at mozilla-enigmail.org (Patrick Brunschwig) Date: Wed, 08 Oct 2008 07:15:11 +0200 Subject: [Enigmail] Expect signature header proposal In-Reply-To: References: Message-ID: <48EC41DF.7050707@mozilla-enigmail.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Eitan Adler wrote: [...] > The fundamental difference between my scenario and yours is that the > state of "always signing" is not with the sender but with recipient. The > recipient always gets signed messages regardless of whether not the > sender always signs all messages. Well ... the problem with this is that it won't work. How would you want to enforce such a rule? I am the developer of Enigmail. What could you do if I would decide not to follow such a standard because I don't like it? And then, assume I would implement the standard. How could you ensure that nobody would download the source code, modify that part that follows the standard and use that version of Enigmail? How could you prove that the absence of a signature means anything? It's a fact that the absence of a signature or the presence of a bad signature simply don't prove anything. There is no information that you could derive from it. - -Patrick -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEVAwUBSOxB3ncOpHodsOiwAQJxeAf/fV+zYu6bJLlFmKYg1PTo3nK66keoakTr DeEmIpGBSOZUH37vTlMZ9mwK3vcQ5EwcY7PO+natp6ws2uCNjD429//ONtvf7BuW J5njVF011HHqrdfJollTwTmj24lYqEaaM8LUN7owqsuyTAhoAm7xiqc5jGY8bTjL g2uIKwwmtYRwnn6ycngOcAHFq6Hxb8JEOAsJPygywDlvjrxRsjbHInG4ZWU3vMMn bHkq/mnK9aO/IwUxkH6zZAEBCK5RJMcfYq/7EfHHZrm4iBSQ23PESAydBVrbCKqt hUPSx0MxwsbxD/Z34QoGUS2iIwv4Yc+F+LlX2xBtUdxbPVLQeUP+Gg== =etPh -----END PGP SIGNATURE----- From patrick at mozilla-enigmail.org Tue Oct 7 22:16:06 2008 From: patrick at mozilla-enigmail.org (Patrick Brunschwig) Date: Wed, 08 Oct 2008 07:16:06 +0200 Subject: [Enigmail] Expect signature header proposal In-Reply-To: References: Message-ID: <48EC4216.2020703@mozilla-enigmail.org> Eitan Adler wrote: [...] > The fundamental difference between my scenario and yours is that the > state of "always signing" is not with the sender but with recipient. The > recipient always gets signed messages regardless of whether not the > sender always signs all messages. Well ... the problem with this is that it won't work. How would you want to enforce such a rule? I am the developer of Enigmail. What could you do if I would decide not to follow such a standard because I don't like it? And then, assume I would implement the standard. How could you ensure that nobody would download the source code, modify that part that follows the standard and use that version of Enigmail? How could you prove that the absence of a signature means anything? It's a fact that the absence of a signature or the presence of a bad signature simply don't prove anything. There is no information that you could derive from it. And it's a fact that with the way SMTP is designed you can't generally enforce signed messages. -Patrick From alaric at metrocast.net Wed Oct 8 05:10:24 2008 From: alaric at metrocast.net (Phil Stracchino) Date: Wed, 08 Oct 2008 08:10:24 -0400 Subject: [Enigmail] Expect signature header proposal In-Reply-To: <48EC2CF9.2060100@bellsouth.net> References: <48EC0B54.9010809@sixdemonbag.org> <48EC2CF9.2060100@bellsouth.net> Message-ID: <48ECA330.8030109@metrocast.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 John W. Moore III wrote: > This reinforces My long held belief that it is impossible to > protect folks from themselves. :-\ Why Governments continue to waste > Taxpayer money attempting to do so continues to frustrate Me. Think > Seat Belt & Motorcycle Helmet laws; those who choose to ignore the > Safety Warnings are only jeopardizing themselves. No One should ever be > inconvenienced by any Authority attempting to protect people from > themselves. :-D I'll go further than that. I put it to you that attempting to protect people from the consequences of their own stupidity - not ignorance, which is remediable, but active stupidity - is directly harmful to society, because by minimizing or removing the penalty for stupidity, it encourages stupidity and increases the preponderance of stupidity in the society. Further, if society takes upon itself the responsibility to protect its members of their own stupidity, then it's only a small step to making it actionable when its protective efforts fail against some new monumental feat of stupidity. Then you have people sueing, for example, lawnmower manufacturers because it didn't occur to them that reaching under the mowing deck with their hand to clear the discharge chute while the mower was running might not be the best idea. Eventually, the society's efforts to protect people from their own stupidity come to consume so much resources, and restrict so many rational actions, that it becomes impossible to actually do anything. Left to their own devices, the incurably stupid tend to have a way of removing themselves from society. It's natural selection in action. But if that selection mechanism is disabled, then the lower effort involved in being stupid rather than smart conveys a competitive advantage. In short, the more a society goes out of its way to try to protect people from the consequences of their own stupidity, the more it breeds the human race for still greater stupidity. - -- Phil Stracchino, CDK#2 DoD#299792458 ICBM: 43.5607, -71.355 alaric at caerllewys.net alaric at metrocast.net phil at co.ordinate.org Renaissance Man, Unix ronin, Perl hacker, Free Stater It's not the years, it's the mileage. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEAREIAAYFAkjsoy8ACgkQ0DfOju+hMkkhYQCgzGrsTTk1z4Vmsuhv2QX6/CCi l4UAoKNwasJxt183CpS/+iXb5+dxFxGS =RT1I -----END PGP SIGNATURE----- From eitanadlerlist at gmail.com Wed Oct 8 05:52:02 2008 From: eitanadlerlist at gmail.com (Eitan Adler) Date: Wed, 08 Oct 2008 08:52:02 -0400 Subject: [Enigmail] Enigmail stopped working - not on update In-Reply-To: References: Message-ID: Patrick Brunschwig wrote: > Eitan Adler wrote: >> Patrick Brunschwig wrote: >>> It looks like you made an error, but it's hard to tell with just the >>> little information you gave what went wrong. I'm guessing that you >>> either didn't compile the required Thunderbird parts properly (Step 1-4 >>> of "Compiling Thunderbird") or your OBJDIR is wrong. >>> >>> HTH, >>> Patrick >> [snip] >> I ran through all the steps again. I got no errors whatsoever under the >> "make" after "./makemake". I followed the steps exactly as shown (I >> didn't change .mozconfig or -o or any other configuration files). >> my /etc/make.conf is >> PERL_VER=5.8.8 >> PERL_VERSION=5.8.8 >> >> /usr/bin/ld: cannot find -lxpcom --> are those flags? > > xpcom is a library. > >> [tb at moo ~]$/usr/bin/ld >> /usr/bin/ld: no input files >> [tb at moo ~]$/usr/bin/ld -lxpcom >> /usr/bin/ld: cannot find -lxpcom >> >> is this a difference between Linux ld and BSD ld perhaps? > > Maybe, but I think that Mozilla's configure would know about it. Which > version of gcc do you use? > > -Patrick from gcc -v Using built-in specs. Target: i386-undermydesk-freebsd Configured with: FreeBSD/i386 system compiler Thread model: posix gcc version 4.2.1 20070719 [FreeBSD] From eitanadlerlist at gmail.com Wed Oct 8 05:57:58 2008 From: eitanadlerlist at gmail.com (Eitan Adler) Date: Wed, 08 Oct 2008 08:57:58 -0400 Subject: [Enigmail] Expect signature header proposal In-Reply-To: References: <48EC1152.90108@sixdemonbag.org> Message-ID: John W. Moore III wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Robert J. Hansen wrote: > [snip] > Given the extremely small percentage of _all_ Email that is > cryptographically Signed the appearance of this 'Warning' on 99% of > received Email would quickly become extremely annoying. This message would only appear for recipients that you specifically enable it for (I dropped the header idea a few emails ago). Alice sends (unautomated) signed message to Bob "I always sign my messages - just letting you know". Bob who gets many messages from many people each day goes to his address book and clicks the "this sender always uses a key" for Alice. Claire sends an unsigned message pretending to be from Alice an Bob gets a message that the message is missing a key. Tradeoffs: Extra UI space, one more paragraph in the documentation, more complex code to maintain (possibly the worst of the three). From eitanadlerlist at gmail.com Wed Oct 8 06:04:35 2008 From: eitanadlerlist at gmail.com (Eitan Adler) Date: Wed, 08 Oct 2008 09:04:35 -0400 Subject: [Enigmail] Expect signature header proposal In-Reply-To: References: Message-ID: Patrick Brunschwig wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Eitan Adler wrote: > [...] >> The fundamental difference between my scenario and yours is that the >> state of "always signing" is not with the sender but with recipient. The >> recipient always gets signed messages regardless of whether not the >> sender always signs all messages. I should clarify: "the state of 'aways signing'" means the expectation that the other person will sign all his messages. The above should read: >> The fundamental difference between my scenario and yours is that the expectation that the sender will sign all his messages is not with the sender but with recipient. The recipient expects to always gets signed messages regardless of whether not the sender always signs all messages to anyone else. > > Well ... the problem with this is that it won't work. How would you want > to enforce such a rule? I am the developer of Enigmail. What could you > do if I would decide not to follow such a standard because I don't like > it? And then, assume I would implement the standard. How could you > ensure that nobody would download the source code, modify that part that > follows the standard and use that version of Enigmail? How could you > prove that the absence of a signature means anything? Note the above clarification - I think it answers these questions. > > It's a fact that the absence of a signature or the presence of a bad > signature simply don't prove anything. There is no information that you > could derive from it. This system is not designed to PROVE that someone didn't sign a message but rather to ALERT you when it is likely that someone didn't sent a message. That way you can verify with the person using some other more secure way (e.g. signed message or phone) to verify whether or not he sent the message. > > - -Patrick > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.9 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iQEVAwUBSOxB3ncOpHodsOiwAQJxeAf/fV+zYu6bJLlFmKYg1PTo3nK66keoakTr > DeEmIpGBSOZUH37vTlMZ9mwK3vcQ5EwcY7PO+natp6ws2uCNjD429//ONtvf7BuW > J5njVF011HHqrdfJollTwTmj24lYqEaaM8LUN7owqsuyTAhoAm7xiqc5jGY8bTjL > g2uIKwwmtYRwnn6ycngOcAHFq6Hxb8JEOAsJPygywDlvjrxRsjbHInG4ZWU3vMMn > bHkq/mnK9aO/IwUxkH6zZAEBCK5RJMcfYq/7EfHHZrm4iBSQ23PESAydBVrbCKqt > hUPSx0MxwsbxD/Z34QoGUS2iIwv4Yc+F+LlX2xBtUdxbPVLQeUP+Gg== > =etPh > -----END PGP SIGNATURE----- From eitanadlerlist at gmail.com Wed Oct 8 06:06:49 2008 From: eitanadlerlist at gmail.com (Eitan Adler) Date: Wed, 08 Oct 2008 09:06:49 -0400 Subject: [Enigmail] Expect signature header proposal In-Reply-To: References: Message-ID: Robert J. Hansen wrote: [snip[ > > You've defined your problem as "Enigmail doesn't give effective warnings > in the absence of a signature." As long as you define the problem that > way, you will never address your underlying issue. No: I have defined the problem as: "Enigmail doesn't give effective warnings in the absence of an *expected* signature." > > > > -----BEGIN PGP SIGNATURE----- > > iFYEAREIAAYFAkjsEVEACgkQI4Br5da5jhAQoADgqB6ApcgXZGjyCeX5DATJuZoU > er15V29DrvU3NwDgqJ1TKZcEva0IrZqVbaxtJqMXYjuDi2Q4TAm4lokBHAQBAQgA > BgUCSOwRUQAKCRC3APSC/q+BCe1vB/9CuJvPVu/IgGmMmvE1mze7K5fU/GT7/akx > lXUTY+2u3rJDBD4ptLA/NyqFwvF4Xzsep/YNOprUW6PbRg92Nm1WxGX8LAgZsemI > btJaLFPZhCV0VqfBbsyjKaDYXNM5MzQVK7q46GqEUyGzLwAlWCZunoHWCGi55BfU > gkiphQdNKxNwgeNwocSG7cUC2h4FOiL7RtUkY3a7EM5SSEVQ6HLOXfc+8NE/9Bnx > c888HbY1fl68RgEAPTu/IaLKW34DfVkfOunaro9Y0ylv2V2UzdjD80CTVwRAfMf0 > mmY/jxQHuUqeb/PgP9o9L1HStWUZqQafFTiIZ56bmkadUk4Zi0Dp > =4rC/ > -----END PGP SIGNATURE----- From rjh at sixdemonbag.org Wed Oct 8 06:13:48 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Wed, 08 Oct 2008 09:13:48 -0400 Subject: [Enigmail] Expect signature header proposal In-Reply-To: References: Message-ID: <48ECB20C.5080305@sixdemonbag.org> Eitan Adler wrote: > No: I have defined the problem as: "Enigmail doesn't give effective > warnings in the absence of an *expected* signature." And, as people have told you several times so far, there is no known way to convey an expectation of signature. This makes your definition nonsense: it's like saying "Enigmail doesn't magically summon unicorns." From eitanadlerlist at gmail.com Wed Oct 8 11:12:40 2008 From: eitanadlerlist at gmail.com (Eitan Adler) Date: Wed, 08 Oct 2008 14:12:40 -0400 Subject: [Enigmail] Expect signature header proposal In-Reply-To: References: Message-ID: Robert J. Hansen wrote: > Eitan Adler wrote: >> No: I have defined the problem as: "Enigmail doesn't give effective >> warnings in the absence of an *expected* signature." > > And, as people have told you several times so far, there is no known way > to convey an expectation of signature. A check box right under "allow remote images" part of the address book entry? This makes your definition > nonsense: it's like saying "Enigmail doesn't magically summon unicorns." From John at Mozilla-Enigmail.org Wed Oct 8 13:25:58 2008 From: John at Mozilla-Enigmail.org (John Clizbe) Date: Wed, 08 Oct 2008 15:25:58 -0500 Subject: [Enigmail] Expect signature header proposal In-Reply-To: References: Message-ID: <48ED1756.5080903@Mozilla-Enigmail.org> Eitan Adler wrote: > Robert J. Hansen wrote: >> Eitan Adler wrote: >>> No: I have defined the problem as: "Enigmail doesn't give effective >>> warnings in the absence of an *expected* signature." >> >> And, as people have told you several times so far, there is no known way >> to convey an expectation of signature. > A check box right under "allow remote images" part of the address book > entry? Congratulations. You've created YAABH - Yet Another Address Book Hack. They show up every now and then as "enhancements". They always have one little problem, they require so much effort and coordination among all the different parts of the Mozilla mail-news code that they cannot be extensions. They must be fully integrated into the application. They also require that Enigmail be fully absorbed into the core application. YOU want this so much, your solution is to start coding and send the Mozilla folks a patch or develop your _OWN_ extension. However: Folks on the list have told you it won't work. Enigmail team members have told you it won't work. Enigmail's developer has told you it won't work. Everyone has told you that your idea is unworkable, yet you refuse to listen or accept the fact. Thunderbird's source code is available to you. Enigmail's source code is available to you. That's the beauty of OpenSource. Start coding. Maybe it will help *you* at last realize why everyone else says that this scheme won't work. No matter how you finagle a solution, it will not do what you want it to. You are of course free to continue being obtuse and ignore those telling you it won't work, but you alone are championing this Crypto-Spruce Goose. Come back when you've got an implementation of something that will turn years of communications security theory on its head. You'll need to surprise us, 'cause we won't be actively waiting for it. -- John P. Clizbe Inet:John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 679 bytes Desc: OpenPGP digital signature URL: From jmoore3rd at bellsouth.net Wed Oct 8 14:16:44 2008 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Wed, 08 Oct 2008 17:16:44 -0400 Subject: [Enigmail] Expect signature header proposal In-Reply-To: <48ED1756.5080903@Mozilla-Enigmail.org> References: <48ED1756.5080903@Mozilla-Enigmail.org> Message-ID: <48ED233C.3060702@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 John Clizbe wrote: > > > Congratulations. You've created YAABH - Yet Another Address Book Hack. They show > up every now and then as "enhancements". They always have one little problem, > they require so much effort and coordination among all the different parts of > the Mozilla mail-news code that they cannot be extensions. They must be fully > integrated into the application. They also require that Enigmail be fully > absorbed into the core application. > > YOU want this so much, your solution is to start coding and send the Mozilla > folks a patch or develop your _OWN_ extension. Be sure and begin work using the Tb3 Source Code. At present Thunderbird 3 has morphed into such an unwieldy mess that whatever You hack together will probably be broken with the next Alpha release. Between the disabling of Java Script along with the full integration of other existing Extensions in an attempt to make T-Bird more 'Outlook-like' means that even if successful You will be responsible for maintaining a Boutique Version of Thunderbird that will require constant maintenance & frequent 'Releases' + Distribution. From working with the Development on Tb3 I have come to the conclusion that if/when Tb2 is retired I will be moving to SeaMonkey rather than attempting to maintain a Thunderbird Installation. Even the Original Developer of Thunderbird has left the Project because of the complexities introduced into what was originally a simple, elegant Mail/News Client. One consideration You may wish to focus on is how large Your consumer base will be for Thunderbird _with_ Your 'enhancement' and then decide if You wish to tackle the responsibility for maintaining Your patches. :-\ As of this past Sunday the Code for Tb3 is almost 2.5x the size of Tb2. The current development of Tb3 is 'stuck' on the debate over disabling Java Script for security reasons. But if You are sincere & dedicated enough then with persistence Your 'solution' may become incorporated but My Personal feeling is that Tb3 has already become too bloated to be stable. :-\ JOHN ;) Timestamp: Wednesday 08 Oct 2008, 17:15 --400 (Eastern Daylight Time) - -- Programming is like sex: if you make a mistake, you have to support it for the rest of your life. --(unknown) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10-svn4845: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJI7SMnAAoJEBCGy9eAtCsPkEQH/RP2U7IuCYe5fotm7iTCSHqc tIMC5XZGarRdk3t+i4S2XxEtAsSr3gOczpAXT2v2JJgL1xOLE9NQD2AYQ/xC9h9J wyLiwisTOrE4xeLc2MrDewbiZc1BHX5kiAppxA9EW5gnNZdf9zy+kBzyLmmnNT0D 41EKju1djZQkoqo0wb1K/ZwRD6+Tz+sWinSvBls/FoNHcWhiygvzIgKXjQoI/qV8 s6+L9XiVRpoa3Aq2F7V2FYpBJYdUk6UpLGbZQFhtm3X+X0UJEoEliHz3XKn+e8ZP mQ5ZP7bWEnEpVghkU7HR57Mcq/ERAxwZJDagsReiIpbHaas/LmcW4KGXlklVMxI= =/QBK -----END PGP SIGNATURE----- From faramir.cl at gmail.com Wed Oct 8 15:26:58 2008 From: faramir.cl at gmail.com (Faramir) Date: Wed, 08 Oct 2008 18:26:58 -0400 Subject: [Enigmail] Expect signature header proposal In-Reply-To: <48ED233C.3060702@bellsouth.net> References: <48ED1756.5080903@Mozilla-Enigmail.org> <48ED233C.3060702@bellsouth.net> Message-ID: <48ED33B2.4090501@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 John W. Moore III escribi?: > Between the disabling of Java Script along with the full integration of > other existing Extensions in an attempt to make T-Bird more > 'Outlook-like' means that even if successful You will be responsible for Oh... now I am scared... :S I hope TB developers don't break too many things... Now, going back to the topic, I don't want to play the Devil's Advocate role, but since I among the users that are still trying to learn the uses and meaning of encryption (and signatures, of course), I think _maybe_ Eitan Adler is just trying to explain his idea, since probably he still think it would be an interesting feature, and if people is rejecting it, maybe it is because they have misunderstood what he is suggesting. I don't know how much knowledge does Eitan Adler have about enigmail's code, or TB code... For "profane" people (I mean, people like me), to add a feature is just part of the "magic" developers do, so we don't know if there is a big difference between the recipient's rules to sign/encrypt messages, and to add a feature about "sender's rules". Now, my own point of view about the subject is: if a sender uses to sign all his messages, and I receive an unsigned message, or a message with broken signature, and the content of the message is important enough to ruin somebody's career, I would check the message with the sender, just to be sure. An alert icon would be a nice aid to make me to remind that policy, *if* such feature is not too complex to implement. If it would requite a lot of hard work, or to break some things to implement it, then clearly it would be better to put a "post-it" in my computer's screen saying: "don't forget important messages must be checked before proceeding to do what they say". Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJI7TOyAAoJEMV4f6PvczxAwA4IAKv/aOihAr65FhFYcuiAbJBX P3LUfHfuY29U8ulcnltYJ0bCTyoPBaCznk1REJncTcHgNwNqU8bhT5PDkStZvRqN 9ERoRGXAnRXNGsoDUv0SWvFpSOKz/rR7BThTPRu8a5Jjm4y7ULA9McAGTa07v0op DsPU9uE07r/k2IKFrYMKxYVUCk/k0GbKwSiXzJ5RODMqhOkctl5Ck9Y4n7nkYmKj lHjJ+QfH2Qn0UeFIinPxqjNj7fbCNMsliuXKXL0WrpBpsrpQpbgRvl7mKihKusRP TCgokJd/elIsC+rduQpr8ik5/WFBK6pz5FDfWND+vOCk8loYSSflv3VSzqSmEq8= =jqLL -----END PGP SIGNATURE----- From rjh at sixdemonbag.org Wed Oct 8 15:34:01 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Wed, 08 Oct 2008 18:34:01 -0400 Subject: [Enigmail] Expect signature header proposal In-Reply-To: <48ECA330.8030109@metrocast.net> References: <48EC0B54.9010809@sixdemonbag.org> <48EC2CF9.2060100@bellsouth.net> <48ECA330.8030109@metrocast.net> Message-ID: <48ED3559.2090808@sixdemonbag.org> Phil Stracchino wrote: > I'll go further than that. To an extent, I agree with Phil -- but only to an extent. We need to separate two kinds of stupidity: the stupidity that's born of a momentary braino, and the stupidity that comes from laziness. Take Eitan's "problem" as an example. There is a simple, obviously correct way to handle this: train yourself better. I agree with Phil that due diligence cannot be maintained when it is a matter of conscious concentration; but training yourself to do it, getting into the habit of it, will make it fairly easy to "follow the checklist" even without thinking about it. There is no quick technological fix. There is an effective human-factors fix. But insisting on "well, I'm going to continue searching for a technological fix to a human problem!" is -- exactly as Phil said -- counterproductive. On the other hand, consider what would happen if the "Sign" and "Revoke" buttons were right next to each other in the key manager. People would inevitably click the wrong one by accident, just in the course of daily business. It would be a momentary braino, not paying too much attention to where your mouse pointer is. It's not laziness so much as simple human error. It turns out there's a neat, efficient fix to this: put more space between the buttons, or rearrange them so a harmless button was in between the two. Technology can mitigate the occasional routine human error. It cannot mitigate the systemic problem of people who want to remain ignorant and let the computer do it all for them. As an example, look at Apple Computer. OS X does a _fantastic_ job of mitigating routine human error. But even on OS X, if you want to remain ignorant, the computer will not be your friend. From rjh at sixdemonbag.org Wed Oct 8 15:52:29 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Wed, 08 Oct 2008 18:52:29 -0400 Subject: [Enigmail] Expect signature header proposal In-Reply-To: <48ED33B2.4090501@gmail.com> References: <48ED1756.5080903@Mozilla-Enigmail.org> <48ED233C.3060702@bellsouth.net> <48ED33B2.4090501@gmail.com> Message-ID: <48ED39AD.4030007@sixdemonbag.org> Faramir wrote: > I think _maybe_ Eitan Adler is just trying to explain his idea, since > probably he still think it would be an interesting feature, and if > people is rejecting it, maybe it is because they have misunderstood > what he is suggesting. We understand it just fine. The problem is that he doesn't. Schneier has a saying, "everyone can make a cipher they can't break, but few can make a cipher nobody can break." The same applies to code. Everybody knows how to sling code, apparently, judging by the amount of backseat driving Patrick gets. However, I can tell you precisely how many useful patches Patrick has received in the last few years... it's less than five. > we don't know if there is a big difference between the recipient's > rules to sign/encrypt messages, and to add a feature about "sender's > rules". In the Southeast United States (what's commonly called "the South") there's a tradition of inviting the neighbors over for barbecue. South Africans may take as much pride in their barbecue as an American Southerner, but it'd be close. Barbecue is governed by some simple and straightforward social rules: if you're drinking a man's beer and eating his barbecue, you're not allowed to talk about how your barbecue is tastier or how you have better taste in beer. If you want to do that, you can. Next weekend invite your neighbors over and show them how it's done. It's that simple. Now, with respect to Enigmail... it's Patrick's place. It's his barbecue. It's good stuff. I, and many others, really like it. If someone wants to say "why don't you put more hickory in the barbecue?", we'll explain it to them. Maybe it would upset the delicate balance of flavors. Maybe the extra hickory smoke would make the meat taste better, but would ruin the fish Patrick is grilling. We'll explain this stuff until we're blue in the face. We like answering these questions. But if someone comes up and says "look, it's so obvious, put more hickory in the barbecue!", well -- that's just tacky. We'll still explain things politely. But when we get greeted with "no, you're wrong and I'm right, and you should put more hickory in the barbecue!", well... at that point we think you should go off and cook your own. If it turns out to be a success, we hope you'll invite us over. > An alert icon would be a nice aid to make me to remind that policy, > *if* such feature is not too complex to implement. We cannot do this in a way which is any of (a) effective, (b) secure or (c) easy. If you'd like me to elaborate on those, I'd be happy to. :) From alaric at metrocast.net Wed Oct 8 15:53:42 2008 From: alaric at metrocast.net (Phil Stracchino) Date: Wed, 08 Oct 2008 18:53:42 -0400 Subject: [Enigmail] Expect signature header proposal In-Reply-To: <48ED3559.2090808@sixdemonbag.org> References: <48EC0B54.9010809@sixdemonbag.org> <48EC2CF9.2060100@bellsouth.net> <48ECA330.8030109@metrocast.net> <48ED3559.2090808@sixdemonbag.org> Message-ID: <48ED39F6.3090003@metrocast.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Robert J. Hansen wrote: > Phil Stracchino wrote: >> I'll go further than that. > > To an extent, I agree with Phil -- but only to an extent. > > We need to separate two kinds of stupidity: the stupidity that's born of > a momentary braino, and the stupidity that comes from laziness. I don't consider the former stupidity. I consider it a momentary lapse of attention. > Technology can mitigate the occasional routine human error. It cannot > mitigate the systemic problem of people who want to remain ignorant and > let the computer do it all for them. Exactly. People make mistakes, and it's only reasonable to try to catch the mistakes where possible. But it's not productive to try to create a world safe for people who simply go through their lives never thinking before they act. - -- Phil Stracchino, CDK#2 DoD#299792458 ICBM: 43.5607, -71.355 alaric at caerllewys.net alaric at metrocast.net phil at co.ordinate.org Renaissance Man, Unix ronin, Perl hacker, Free Stater It's not the years, it's the mileage. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEAREIAAYFAkjtOfYACgkQ0DfOju+hMkmGsACgteSpwKg0e2dGbW9/qeHTZ8ED 8KQAn2rDQRJk+s3qdTcnFjzrSJy+++rm =niq8 -----END PGP SIGNATURE----- From andrewnerkin at yahoo.com Thu Oct 9 08:13:31 2008 From: andrewnerkin at yahoo.com (Andrew Nerkin) Date: Thu, 9 Oct 2008 08:13:31 -0700 (PDT) Subject: [Enigmail] Current IPC Options? Message-ID: <211744.71728.qm@web59905.mail.ac4.yahoo.com> Fellow extension developers, I'm writing an extension that requires the ability to execute an external process and access the stdin/stdout streams of that created process. The nsIProcess API allows me to launch an external process and specify command-line arguments, but it doesn't give me access to input/output streams for that process. I see that Enigmail uses something called nsIPipeTransport to achieve the same functionality, but I'm confused about the state of this API. It seems like it was at one point a part of Protozilla, then a separate library, then possibly going to be merged into the mozilla source base, and now... I don't know. So if this is the only option for achieving the functionality that I desire, does anyone know where I should get this library, how I should bundle it with my extension, and where I can find a reference for the API that it provides? Thanks, - Clement -------------- next part -------------- An HTML attachment was scrubbed... URL: From patrick at mozilla-enigmail.org Fri Oct 10 00:05:07 2008 From: patrick at mozilla-enigmail.org (Patrick Brunschwig) Date: Fri, 10 Oct 2008 09:05:07 +0200 Subject: [Enigmail] Current IPC Options? In-Reply-To: <211744.71728.qm@web59905.mail.ac4.yahoo.com> References: <211744.71728.qm@web59905.mail.ac4.yahoo.com> Message-ID: <48EEFEA3.1060702@mozilla-enigmail.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Andrew Nerkin wrote: > > Fellow extension developers, > > > I'm writing an extension that requires the ability to execute an > external process and access the stdin/stdout streams of that created > process. The nsIProcess API allows me to launch an external process and > specify command-line arguments, but it doesn't give me access to > input/output streams for that process. I see that Enigmail uses > something called nsIPipeTransport to achieve the same functionality, but > I'm confused about the state of this API. It seems like it was at one > point a part of Protozilla, then a separate library, then possibly going > to be merged into the mozilla source base, and now... I don't know. So > if this is the only option for achieving the functionality that I > desire, does anyone know where I should get this library, how I should > bundle it with my extension, and where I can find a reference for the > API that it provides? The library source and pre-compiled versions for xulrunner on Windows and Linux are available from . I believe that the builds for xulrunner also work with Firefox 3.0. For the API, I'd recommend to start reading the file docu.txt. - -Patrick -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEVAwUBSO7+oncOpHodsOiwAQKgcAf+PXBYwP+rC0mNbxAZUCErcjZl3SuFDL5B BkGNIaq7Cd86FF8ljXTZE8C1YeXSAawwsdckj1T0sM2jafw4V3cBJaFXZw+H1DdT 3n8EEnoBpbXYsdBEzDZyixedDb9vh7cc2FIcSLL0u3xC/zzjrNDwma5NGrh9nxIt JShbzpFJoIwUHBTMZQQFphL7dPhhcWnTNxy0wabHm2/7vl6SoSkKywlTJN3H1kJo 07zvc47GlZhKIUJBz8FDDWyej3iW6IlNdn62ZvQQQusM44KzcJHl8FRDHwsjUb2M 9OEtjwp4RSSjTXYJFzuzvrdAsY5E/OKe3elrsabHj9kpH+bXUcSIdw== =8IBK -----END PGP SIGNATURE----- From eitanadlerlist at gmail.com Fri Oct 10 05:21:17 2008 From: eitanadlerlist at gmail.com (Eitan Adler) Date: Fri, 10 Oct 2008 08:21:17 -0400 Subject: [Enigmail] Expect signature header proposal In-Reply-To: References: Message-ID: John Clizbe wrote: > Eitan Adler wrote: >> Robert J. Hansen wrote: >>> Eitan Adler wrote: >>>> No: I have defined the problem as: "Enigmail doesn't give effective >>>> warnings in the absence of an *expected* signature." >>> And, as people have told you several times so far, there is no known way >>> to convey an expectation of signature. >> A check box right under "allow remote images" part of the address book >> entry? > > > > Congratulations. You've created YAABH - Yet Another Address Book Hack. They show > up every now and then as "enhancements". They always have one little problem, > they require so much effort and coordination among all the different parts of > the Mozilla mail-news code that they cannot be extensions. They must be fully > integrated into the application. They also require that Enigmail be fully > absorbed into the core application. > I was not aware of this. Thanks for telling me. [snip> > However: > Folks on the list have told you it won't work. True - but until now they didn't give me a good argument. > Enigmail team members have told you it won't work. > Enigmail's developer has told you it won't work. True - although they *probably* misunderstood me. > > Everyone has told you that your idea is unworkable, yet you refuse to listen or > accept the fact. I changed my idea once you pointed out the flaws. So this is untrue. > [snip] > Come back when you've got an implementation of something that will turn years of > communications security theory on its head. Not if you even understood my idea. You'll need to surprise us, 'cause > we won't be actively waiting for it. > Right - now that you pointed the code complexity factor was much higher than originally anticipated... From eitanadlerlist at gmail.com Fri Oct 10 05:22:50 2008 From: eitanadlerlist at gmail.com (Eitan Adler) Date: Fri, 10 Oct 2008 08:22:50 -0400 Subject: [Enigmail] Expect signature header proposal In-Reply-To: References: <48ED1756.5080903@Mozilla-Enigmail.org> <48ED233C.3060702@bellsouth.net> Message-ID: Faramir wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > John W. Moore III escribi?: > >> Between the disabling of Java Script along with the full integration of >> other existing Extensions in an attempt to make T-Bird more >> 'Outlook-like' means that even if successful You will be responsible for > > Oh... now I am scared... :S > I hope TB developers don't break too many things... > > Now, going back to the topic, I don't want to play the Devil's > Advocate role, but since I among the users that are still trying to > learn the uses and meaning of encryption (and signatures, of course), I > think _maybe_ Eitan Adler is just trying to explain his idea, since > probably he still think it would be an interesting feature, and if > people is rejecting it, maybe it is because they have misunderstood what > he is suggesting. > > I don't know how much knowledge does Eitan Adler have about enigmail's > code, or TB code... For "profane" people (I mean, people like me), to > add a feature is just part of the "magic" developers do, so we don't > know if there is a big difference between the recipient's rules to > sign/encrypt messages, and to add a feature about "sender's rules". > I think you hit it on the head. > Now, my own point of view about the subject is: if a sender uses to > sign all his messages, and I receive an unsigned message, or a message > with broken signature, and the content of the message is important > enough to ruin somebody's career, I would check the message with the > sender, just to be sure. An alert icon would be a nice aid to make me to > remind that policy, *if* such feature is not too complex to implement. > If it would requite a lot of hard work, or to break some things to > implement it, then clearly it would be better to put a "post-it" in my > computer's screen saying: "don't forget important messages must be > checked before proceeding to do what they say". > > Best Regards > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iQEcBAEBCAAGBQJI7TOyAAoJEMV4f6PvczxAwA4IAKv/aOihAr65FhFYcuiAbJBX > P3LUfHfuY29U8ulcnltYJ0bCTyoPBaCznk1REJncTcHgNwNqU8bhT5PDkStZvRqN > 9ERoRGXAnRXNGsoDUv0SWvFpSOKz/rR7BThTPRu8a5Jjm4y7ULA9McAGTa07v0op > DsPU9uE07r/k2IKFrYMKxYVUCk/k0GbKwSiXzJ5RODMqhOkctl5Ck9Y4n7nkYmKj > lHjJ+QfH2Qn0UeFIinPxqjNj7fbCNMsliuXKXL0WrpBpsrpQpbgRvl7mKihKusRP > TCgokJd/elIsC+rduQpr8ik5/WFBK6pz5FDfWND+vOCk8loYSSflv3VSzqSmEq8= > =jqLL > -----END PGP SIGNATURE----- From eitanadlerlist at gmail.com Fri Oct 10 05:25:19 2008 From: eitanadlerlist at gmail.com (Eitan Adler) Date: Fri, 10 Oct 2008 08:25:19 -0400 Subject: [Enigmail] Expect signature header proposal In-Reply-To: References: <48EC0B54.9010809@sixdemonbag.org> <48EC2CF9.2060100@bellsouth.net> <48ECA330.8030109@metrocast.net> Message-ID: Robert J. Hansen wrote: > Phil Stracchino wrote: >> I'll go further than that. > > To an extent, I agree with Phil -- but only to an extent. > > We need to separate two kinds of stupidity: the stupidity that's born of > a momentary braino, and the stupidity that comes from laziness. > > Take Eitan's "problem" as an example. There is a simple, obviously > correct way to handle this: train yourself better. I agree with Phil > that due diligence cannot be maintained when it is a matter of conscious > concentration; but training yourself to do it, getting into the habit of > it, will make it fairly easy to "follow the checklist" even without > thinking about it. > > There is no quick technological fix. There is an effective > human-factors fix. But insisting on "well, I'm going to continue > searching for a technological fix to a human problem!" is -- exactly as > Phil said -- counterproductive. > > On the other hand, consider what would happen if the "Sign" and "Revoke" > buttons were right next to each other in the key manager. People would > inevitably click the wrong one by accident, just in the course of daily > business. It would be a momentary braino, not paying too much attention > to where your mouse pointer is. It's not laziness so much as simple > human error. It turns out there's a neat, efficient fix to this: put > more space between the buttons, or rearrange them so a harmless button > was in between the two. It is my opinion that my case is a mix of these two. You should train yourself better to look for the "sig exists" or "sig doesn't exist". Imagine a traffic light that only has one green light. If its on go, if its off don't go. Same here. Except that the light would only be red when you would ordinarily think go (like a stop sign). I hope that was clear.... > > Technology can mitigate the occasional routine human error. It cannot > mitigate the systemic problem of people who want to remain ignorant and > let the computer do it all for them. > > As an example, look at Apple Computer. OS X does a _fantastic_ job of > mitigating routine human error. But even on OS X, if you want to remain > ignorant, the computer will not be your friend. > > From eitanadlerlist at gmail.com Fri Oct 10 05:26:05 2008 From: eitanadlerlist at gmail.com (Eitan Adler) Date: Fri, 10 Oct 2008 08:26:05 -0400 Subject: [Enigmail] Enigmail stopped working - not on update In-Reply-To: References: Message-ID: Eitan Adler wrote: > Patrick Brunschwig wrote: >> Eitan Adler wrote: >>> Patrick Brunschwig wrote: >>>> It looks like you made an error, but it's hard to tell with just the >>>> little information you gave what went wrong. I'm guessing that you >>>> either didn't compile the required Thunderbird parts properly (Step 1-4 >>>> of "Compiling Thunderbird") or your OBJDIR is wrong. >>>> >>>> HTH, >>>> Patrick >>> [snip] >>> I ran through all the steps again. I got no errors whatsoever under the >>> "make" after "./makemake". I followed the steps exactly as shown (I >>> didn't change .mozconfig or -o or any other configuration files). >>> my /etc/make.conf is >>> PERL_VER=5.8.8 >>> PERL_VERSION=5.8.8 >>> >>> /usr/bin/ld: cannot find -lxpcom --> are those flags? >> >> xpcom is a library. >> >>> [tb at moo ~]$/usr/bin/ld >>> /usr/bin/ld: no input files >>> [tb at moo ~]$/usr/bin/ld -lxpcom >>> /usr/bin/ld: cannot find -lxpcom >>> >>> is this a difference between Linux ld and BSD ld perhaps? >> >> Maybe, but I think that Mozilla's configure would know about it. Which >> version of gcc do you use? >> >> -Patrick > from gcc -v > Using built-in specs. > Target: i386-undermydesk-freebsd > Configured with: FreeBSD/i386 system compiler > Thread model: posix > gcc version 4.2.1 20070719 [FreeBSD] Any further suggestions? Or bring this to the freeBSD mailing list? From sakkath at sakkath.com Fri Oct 10 11:58:53 2008 From: sakkath at sakkath.com (Stephen Erikson) Date: Fri, 10 Oct 2008 14:58:53 -0400 Subject: [Enigmail] I can't revoke my key Message-ID: Is there another method to revoking a key? I can possibly check out the gpg readme there is probably a CLI way to do this but I'm short on time and just wondered if anyone had an answer to my main problem. The reason I cannot revoke my key: I made a key for myself, then tried to remove Enigmail because some setting got messed up. When I installed it again I made a new key and Thunderbird does not see my original key as my own, therefore I cannot revoke it (I have the revoke cert). I'm looking for a way to make Thunderbird understand that key is my own. From jmoore3rd at bellsouth.net Fri Oct 10 13:22:14 2008 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Fri, 10 Oct 2008 16:22:14 -0400 Subject: [Enigmail] I can't revoke my key In-Reply-To: References: Message-ID: <48EFB976.2080606@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Stephen Erikson wrote: > I made a key for myself, then tried to remove Enigmail because some > setting got messed up. When I installed it again I made a new key and > Thunderbird does not see my original key as my own, therefore I cannot > revoke it (I have the revoke cert). > > I'm looking for a way to make Thunderbird understand that key is my own. It doesn't matter is Thunderbird shows the Key 'as Your own' even though I suspect that what You're really saying is that this Key isn't 'highlighted' in bold black letters. If You can see this Key in Your Keyring then just Import the Revocation Certificate into the Keyring. This will 'Update' the Key with the Revocation Signature. Then, simply Upload the 'revoked' Key to the Keyservers and You will have Revoked the Key and published same. HTH JOHN ;) Timestamp: Friday 10 Oct 2008, 16:22 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10-svn4845: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJI77l1AAoJEBCGy9eAtCsPi+oH/jIr+xnZv8c3NL3b1OHmrKxo rLzNgJLL/jg/7NKPwg4vG0prczfTQNpbvsrcTkUjtvQKeJQ4eoTCkyjL08CZOzRe VqQIgjzp5U3dCv1ezAPmKzMRGFyW6ujdUV+Iidruy+ogtRD0+o6jj5NvbixiiRNQ E7zD8r4pRlvYR8dEdVf42YpJEky4cB2n/mca5J8L3Yplq8aV4mYY35w5Dmv+u0jT 00k+26OTPsuIR8jtAaQ5PGyJxHGBobvrC9NHj/oh0u0tnu98HpLXori63I1Vt4cS etTno4OozEa6fd9x4J1yUjFftyfaxti3FVsBCutd854VUGHDhsekxma6R38G0RA= =vdqT -----END PGP SIGNATURE----- From sakkath at sakkath.com Sat Oct 11 00:34:30 2008 From: sakkath at sakkath.com (Stephen Erikson) Date: Sat, 11 Oct 2008 03:34:30 -0400 Subject: [Enigmail] I can't revoke my key In-Reply-To: References: Message-ID: John W. Moore III wrote: > Stephen Erikson wrote: > >> I made a key for myself, then tried to remove Enigmail because some >> setting got messed up. When I installed it again I made a new key and >> Thunderbird does not see my original key as my own, therefore I cannot >> revoke it (I have the revoke cert). > >> I'm looking for a way to make Thunderbird understand that key is my own. > > It doesn't matter is Thunderbird shows the Key 'as Your own' even though > I suspect that what You're really saying is that this Key isn't > 'highlighted' in bold black letters. If You can see this Key in Your > Keyring then just Import the Revocation Certificate into the Keyring. > This will 'Update' the Key with the Revocation Signature. Then, simply > Upload the 'revoked' Key to the Keyservers and You will have Revoked the > Key and published same. > > HTH > > JOHN ;) > Timestamp: Friday 10 Oct 2008, 16:22 --400 (Eastern Daylight Time) Thank you so much, I'm a new user, sorry :). From rjh at sixdemonbag.org Sat Oct 11 06:50:23 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Sat, 11 Oct 2008 09:50:23 -0400 Subject: [Enigmail] I can't revoke my key In-Reply-To: References: Message-ID: <48F0AF1F.8080009@sixdemonbag.org> Stephen Erikson wrote: > Thank you so much, I'm a new user, sorry :). We were all new once. :) Welcome to the list! From jmoore3rd at bellsouth.net Sat Oct 11 08:55:30 2008 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Sat, 11 Oct 2008 11:55:30 -0400 Subject: [Enigmail] I can't revoke my key In-Reply-To: References: Message-ID: <48F0CC72.6070201@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Stephen Erikson wrote: > Thank you so much, I'm a new user, sorry :). No need to 'apologize' for being a 'New User' as everyone was at some time. Now, the unspoken Question is "why wasn't this Key listed in bold black?" The Answer is that [assuming You're looking in Enigmail Key Manager] the Secret Key isn't showing in the Keyring. :-\ I have no explanation for this unless when Importing Keys You only Imported the Public Key. Won't affect Key Revocation, however. JOHN ;) Timestamp: Saturday 11 Oct 2008, 11:55 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10-svn4845: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJI8MxvAAoJEBCGy9eAtCsPjOkH/1tRQotf14soEIJM8cJF0DKU tvAAa+1uZSXb92VYIwiFubK/pL2QZeZ1ldSs1lMIioNj8zrLq8klkzkDBtaOvCSV ocf8fq2zFiiJb+maI9U4WHgu8jWxhY4g6xSvyV2hmq/WQQGevrPUjHInHmlzAQuF GgEQ1Z+AqD53/ZQlxrfomNuSfdorfcZZ9z2PY+VMEFmnapRhjFErXyYhLXE9cUwL 17N2VTg5eg8KnFbFkudJVpOx60gLrZ289v3apF0MeuFyzl3vtI/56155diMBCDqv aCe8zZ/VgJl/tXrs0PAoSADduk8HB9bsVS8YVxDIav4Zzq8mjWcfIc4uMAFSHKg= =DDmz -----END PGP SIGNATURE----- From sakkath at sakkath.com Sat Oct 11 18:23:09 2008 From: sakkath at sakkath.com (Stephen Erikson) Date: Sat, 11 Oct 2008 21:23:09 -0400 Subject: [Enigmail] I can't revoke my key In-Reply-To: References: Message-ID: John W. Moore III wrote: > Stephen Erikson wrote: > >> Thank you so much, I'm a new user, sorry :). > > No need to 'apologize' for being a 'New User' as everyone was at some time. > > Now, the unspoken Question is "why wasn't this Key listed in bold black?" > > The Answer is that [assuming You're looking in Enigmail Key Manager] the > Secret Key isn't showing in the Keyring. :-\ I have no explanation for > this unless when Importing Keys You only Imported the Public Key. Won't > affect Key Revocation, however. > > JOHN ;) > Timestamp: Saturday 11 Oct 2008, 11:55 --400 (Eastern Daylight Time) It's all fine now that I revoked the key, that's all I wanted to do. Thanks a lot guys :). From enigmail at jean-marc.meessen-web.org Sun Oct 12 03:41:49 2008 From: enigmail at jean-marc.meessen-web.org (Jean-Marc Meessen) Date: Sun, 12 Oct 2008 12:41:49 +0200 Subject: [Enigmail] [Fwd: Re: Enigmail not detecting/enabling GPG anymore] In-Reply-To: <48E9242C.30808@mozilla-enigmail.org> References: <48E91436.2000501@jean-marc.meessen-web.org> <48E9242C.30808@mozilla-enigmail.org> Message-ID: <48F1D46D.2040101@jean-marc.meessen-web.org> Hello Olav, I finally have some time to pick up again this problem. Had to leave it due to our 20th wedding anniversary (and its preparation !). We had it yesterday, so I have more time ;-) Thanks for your patience. I checked your hints but still get not further. (to put you back in the picture, I crashed my TrueCrypt drive where my TB profile was residing. Since then, I can't get Enigmail to work again) Here are a few checks I made that make me really think that the problem is not related to path problem. <----------------------------------------------> /home/user> gpg --version gpg (GnuPG) 1.4.6 Copyright (C) 2006 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. Home: ~/.gnupg Supported algorithms: Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression: Uncompressed, ZIP, ZLIB, BZIP2 /home/user> echo $PATH /home/user/bin:/usr/local/bin:/usr/bin:/bin:/usr/games /home/user> which gpg /usr/bin/gpg <----------------------------------------------> Starting TB from the shell yields the same results. I am executing for this what appears to be a bash script located in /opt/thunderbird/ and called "thunderbird". Enigmail still fails to initialize (GPG not found in the config screen) When I look a the produced log file, I only get the following (limited) information: <----------------------------------------------> 2008-10-12 11:19:05.829 enigmail.js: Logging debug output to /home/user/enigdbug.txt 2008-10-12 11:19:05.831 enigmail.js: Enigmail version 0.95.7 2008-10-12 11:19:05.832 enigmail.js: OS/CPU=Linux i686 2008-10-12 11:19:05.834 enigmail.js: Platform=X11 2008-10-12 11:19:05.835 enigmail.js: composeSecure=false 2008-10-12 11:19:05.837 enigmail.js: Enigmail.initialize: Error - Le service Enigmime n'est pas disponible <----------------------------------------------> With the information I have, I don't think it is a path problem. My current working theory that I hope you will follow or challenge is rather an init problem caused be the rescue of a corrupted config or temporary Enigmail file. When I look at the TB error messages I get the following errors each time I enter the configuration screen of Enigmail: <----------------------------------------------> Erreur : [Exception... "'Failure' when calling method: [nsIEnigmail::initialize]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: chrome://enigmail/content/enigmailCommon.js :: GetEnigmailSvc :: line 214" data: no] Fichier source : chrome://enigmail/content/enigmailCommon.js Ligne : 214 Erreur : Components.classes[ENIG_ENIGMIMESERVICE_CONTRACTID] has no properties Fichier source : chrome://enigmail/content/enigmailMsgComposeOverlay.js Ligne : 223 <----------------------------------------------> Are these messages helpfull to pinpoint the problem ? Jmm Olav Seyfarth a ?crit : > Hi Jean-Marc, > > > In a terminal window, when I type "echo $PATH" I get a path where the > > directory GPG is residing in (/usr/bin) correctly returned. > > well, maybe your shell sets an environment different than when you start > TB through the start menu. Is the result the same when you start it from > the shell? (first close all instances of TB, open your shell, make sure > gpg is in path, start TB manually from the command line, try. > > > How can I check this value while in Enigmail ? A tracing option maybe ? > > OpenPGP -> Preferences > Enable Expert Settings > Debugging Tab, enter a DIRECTORY > Restart TB and reproduce your problem > check results of your debug DIR > > Olav _______________________________________________ Enigmail mailing list Enigmail at mozdev.org https://www.mozdev.org/mailman/listinfo/enigmail -------------- next part -------------- An HTML attachment was scrubbed... URL: From enigmail.jean-marc at meessen-web.org Sun Oct 12 02:39:48 2008 From: enigmail.jean-marc at meessen-web.org (Jean-Marc Meessen) Date: Sun, 12 Oct 2008 11:39:48 +0200 Subject: [Enigmail] [Fwd: Re: Enigmail not detecting/enabling GPG anymore] In-Reply-To: <48E9242C.30808@mozilla-enigmail.org> References: <48E91436.2000501@jean-marc.meessen-web.org> <48E9242C.30808@mozilla-enigmail.org> Message-ID: <48F1C5E4.9050801@meessen-web.org> Hello Olav, I finally have some time to pick up again this problem. Had to leave it due to our 20th wedding anniversary (and its preparation !). We had it yesterday, so I have more time ;-) Thanks for your patience. I checked your hints but still get not further. (to put you back in the picture, I crashed my TrueCrypt drive where my TB profile was residing. Since then, I can't get Enigmail to work again) Here are a few checks I made that make me really think that the problem is not related to path problem. <----------------------------------------------> /home/user> gpg --version gpg (GnuPG) 1.4.6 Copyright (C) 2006 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. Home: ~/.gnupg Supported algorithms: Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression: Uncompressed, ZIP, ZLIB, BZIP2 /home/user> echo $PATH /home/user/bin:/usr/local/bin:/usr/bin:/bin:/usr/games /home/user> which gpg /usr/bin/gpg <----------------------------------------------> Starting TB from the shell yields the same results. I am executing for this what appears to be a bash script located in /opt/thunderbird/ and called "thunderbird". Enigmail still fails to initialize (GPG not found in the config screen) When I look a the produced log file, I only get the following (limited) information: <----------------------------------------------> 2008-10-12 11:19:05.829 enigmail.js: Logging debug output to /home/user/enigdbug.txt 2008-10-12 11:19:05.831 enigmail.js: Enigmail version 0.95.7 2008-10-12 11:19:05.832 enigmail.js: OS/CPU=Linux i686 2008-10-12 11:19:05.834 enigmail.js: Platform=X11 2008-10-12 11:19:05.835 enigmail.js: composeSecure=false 2008-10-12 11:19:05.837 enigmail.js: Enigmail.initialize: Error - Le service Enigmime n'est pas disponible <----------------------------------------------> With the information I have, I don't think it is a path problem. My current working theory that I hope you will follow or challenge is rather an init problem caused be the rescue of a corrupted config or temporary Enigmail file. When I look at the TB error messages I get the following errors each time I enter the configuration screen of Enigmail: <----------------------------------------------> Erreur : [Exception... "'Failure' when calling method: [nsIEnigmail::initialize]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: chrome://enigmail/content/enigmailCommon.js :: GetEnigmailSvc :: line 214" data: no] Fichier source : chrome://enigmail/content/enigmailCommon.js Ligne : 214 Erreur : Components.classes[ENIG_ENIGMIMESERVICE_CONTRACTID] has no properties Fichier source : chrome://enigmail/content/enigmailMsgComposeOverlay.js Ligne : 223 <----------------------------------------------> Are these messages helpfull to pinpoint the problem ? Jmm Olav Seyfarth a ?crit : > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Hi Jean-Marc, > >> In a terminal window, when I type "echo $PATH" I get a path where the >> directory GPG is residing in (/usr/bin) correctly returned. > > well, maybe your shell sets an environment different than when you start > TB through the start menu. Is the result the same when you start it from > the shell? (first close all instances of TB, open your shell, make sure > gpg is in path, start TB manually from the command line, try. > >> How can I check this value while in Enigmail ? A tracing option maybe ? > > OpenPGP -> Preferences > Enable Expert Settings > Debugging Tab, enter a DIRECTORY > Restart TB and reproduce your problem > check results of your debug DIR > > Olav > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (MingW32) > Comment: Diese ist eine Digitale Signatur nach OpenPGP-Standard > Comment: Weitere Informationen: http://privat.seyfarth.de/olav/schluessel.html > > iEYEAREIAAYFAkjpJCsACgkQL/NBt8fdKe0a3gCgrjrND6HJHVDiFmYJ0pNDMu/U > s9IAniLRDxLhKl4zCpSM07OWR79+scHB > =OZah > -----END PGP SIGNATURE----- > _______________________________________________ > Enigmail mailing list > Enigmail at mozdev.org > https://www.mozdev.org/mailman/listinfo/enigmail > From olav at mozilla-enigmail.org Sun Oct 12 05:12:50 2008 From: olav at mozilla-enigmail.org (Olav Seyfarth) Date: Sun, 12 Oct 2008 14:12:50 +0200 Subject: [Enigmail] [Fwd: Re: Enigmail not detecting/enabling GPG anymore] In-Reply-To: <48F1D46D.2040101@jean-marc.meessen-web.org> References: <48E91436.2000501@jean-marc.meessen-web.org> <48E9242C.30808@mozilla-enigmail.org> <48F1D46D.2040101@jean-marc.meessen-web.org> Message-ID: <48F1E9C2.607@mozilla-enigmail.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Jean-Marc, > 2008-10-12 11:19:05.837 enigmail.js: Enigmail.initialize: Error - Le > service Enigmime n'est pas disponible > Are these messages helpfull to pinpoint the problem ? yes. You installed an incompatible enigmail package. Please make sure you download a package that suits your OS _and_ compiler. E.g. if you installed Thunderburd from your distrubution, you _have to_ install the distribution's Enigmail package. You _cannot_ install the one provided on addons.mozilla.org / enigmail.mozdev.org on to of a distribution's Thunderbird. If you downloaded Thunderbird from mozilla.com and installed it manually, then you _must_ install Enigmail from enigmail.mozilla.org, not the distribution's package. You also have to make sure that the Mozilla platform matches, especially when it comes to Enigmail nightlies. Please uninstall Enigmail, restart Thunderbird, download or install the appropriate package and test again. Good luck, Olav -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Diese ist eine Digitale Signatur nach OpenPGP-Standard Comment: Weitere Informationen: http://privat.seyfarth.de/olav/schluessel.html iEYEAREIAAYFAkjx6cEACgkQL/NBt8fdKe0IuACfXIEL5QZhBLDoMzCD3h3uPY+g CvMAoKBoX6/9WQzFb/8m34ChZ7TvoHnT =SaJ2 -----END PGP SIGNATURE----- From eitanadlerlist at gmail.com Sun Oct 12 07:15:53 2008 From: eitanadlerlist at gmail.com (Eitan Adler) Date: Sun, 12 Oct 2008 10:15:53 -0400 Subject: [Enigmail] Engimail for freebsd i386 In-Reply-To: References: Message-ID: I have a working XPI - where should I send it to ? From enigmail at jean-marc.meessen-web.org Sun Oct 12 09:26:52 2008 From: enigmail at jean-marc.meessen-web.org (Jean-Marc Meessen) Date: Sun, 12 Oct 2008 18:26:52 +0200 Subject: [Enigmail] [Fwd: Re: Enigmail not detecting/enabling GPG anymore] In-Reply-To: <48F1E9C2.607@mozilla-enigmail.org> References: <48E91436.2000501@jean-marc.meessen-web.org> <48E9242C.30808@mozilla-enigmail.org> <48F1D46D.2040101@jean-marc.meessen-web.org> <48F1E9C2.607@mozilla-enigmail.org> Message-ID: <48F2254C.3070306@jean-marc.meessen-web.org> Well, I think it must be something other as the Enigmail distribution was already installed before the crash and worked. Or was it by accident that it worked. And furthermore, I unistalled Enigmail and reinstalled from the distribution that I used when I first installed installed it. (and it didn't work). I installed 95.7 as a last try. As I am now unsure, I am going to redo the Deinstallation/Installation cycle with closing TB between the steps (though I am pretty sure I did that). What about my hunch that it could be coming from a corrupted config/temp file ? Jmm Olav Seyfarth a ?crit : > Hi Jean-Marc, > > > 2008-10-12 11:19:05.837 enigmail.js: Enigmail.initialize: Error - Le > > service Enigmime n'est pas disponible > > Are these messages helpfull to pinpoint the problem ? > > yes. You installed an incompatible enigmail package. Please make sure you > download a package that suits your OS _and_ compiler. E.g. if you > installed > Thunderburd from your distrubution, you _have to_ install the > distribution's > Enigmail package. You _cannot_ install the one provided on > addons.mozilla.org / > enigmail.mozdev.org on to of a distribution's Thunderbird. If you > downloaded > Thunderbird from mozilla.com and installed it manually, then you > _must_ install > Enigmail from enigmail.mozilla.org, not the distribution's package. > You also > have to make sure that the Mozilla platform matches, especially when > it comes > to Enigmail nightlies. Please uninstall Enigmail, restart Thunderbird, > download > or install the appropriate package and test again. > > Good luck, > Olav _______________________________________________ Enigmail mailing list Enigmail at mozdev.org https://www.mozdev.org/mailman/listinfo/enigmail From olav at mozilla-enigmail.org Sun Oct 12 11:46:54 2008 From: olav at mozilla-enigmail.org (Olav Seyfarth) Date: Sun, 12 Oct 2008 20:46:54 +0200 Subject: [Enigmail] Engimail for freebsd i386 In-Reply-To: References: Message-ID: <48F2461E.6010908@mozilla-enigmail.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 12.10.2008 16:15, Eitan Adler wrote: > I have a working XPI - where should I send it to ? great to hear! Send it to me, please. Along with a detached ascii sig (gpg -a -b ). I'll upload it to the mozdev download page. Thanks, Olav -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Diese ist eine Digitale Signatur nach OpenPGP-Standard Comment: Weitere Informationen: http://privat.seyfarth.de/olav/schluessel.html iEYEAREIAAYFAkjyRh0ACgkQL/NBt8fdKe3rGQCfV6obzpcMXw2Ae83CkI06T8DY VB0An0EOBdbvRgXMxV1qrKwCrscYuO7h =sbp9 -----END PGP SIGNATURE----- From olav at mozilla-enigmail.org Sun Oct 12 11:51:12 2008 From: olav at mozilla-enigmail.org (Olav Seyfarth) Date: Sun, 12 Oct 2008 20:51:12 +0200 Subject: [Enigmail] [Fwd: Re: Enigmail not detecting/enabling GPG anymore] In-Reply-To: <48F2254C.3070306@jean-marc.meessen-web.org> References: <48E91436.2000501@jean-marc.meessen-web.org> <48E9242C.30808@mozilla-enigmail.org> <48F1D46D.2040101@jean-marc.meessen-web.org> <48F1E9C2.607@mozilla-enigmail.org> <48F2254C.3070306@jean-marc.meessen-web.org> Message-ID: <48F24720.3010304@mozilla-enigmail.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Jean-Marc, > I unistalled Enigmail and reinstalled from the distribution that I used when > I first installed installed it (and it didn't work). you installed Thunderbird from the same source, yes? Are you on a amd64 system? Is your TB 64bit? Is your EM 64bit? > What about my hunch that it could be coming from a corrupted config/temp > file ? temp: I don't think so but you might want to delete xul.mfl . config: you may try to start from scratch config-wise: shutdown TB, delete all lines in prefs.js starting with enigmail and restart TB. Olav -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Diese ist eine Digitale Signatur nach OpenPGP-Standard Comment: Weitere Informationen: http://privat.seyfarth.de/olav/schluessel.html iEYEAREIAAYFAkjyRx8ACgkQL/NBt8fdKe2N/wCfeW5gyW7G9zW64DhJ3TzjNL0T 8mgAnjIO7ajG9wVhrl5BvKFZIvvdP1ML =GJoi -----END PGP SIGNATURE----- From faramir.cl at gmail.com Sun Oct 12 12:09:31 2008 From: faramir.cl at gmail.com (Faramir) Date: Sun, 12 Oct 2008 16:09:31 -0300 Subject: [Enigmail] [Fwd: Re: Enigmail not detecting/enabling GPG anymore] In-Reply-To: <48F2254C.3070306@jean-marc.meessen-web.org> References: <48E91436.2000501@jean-marc.meessen-web.org> <48E9242C.30808@mozilla-enigmail.org> <48F1D46D.2040101@jean-marc.meessen-web.org> <48F1E9C2.607@mozilla-enigmail.org> <48F2254C.3070306@jean-marc.meessen-web.org> Message-ID: <48F24B6B.2020103@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Jean-Marc Meessen escribi?: > Well, > I think it must be something other as the Enigmail distribution was > already installed before the crash and worked. Or was it by accident > that it worked. Well, since the TB profile was damaged, maybe you should try to make a new profile, and test thing with it... maybe you can import the messages from the old profile... Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJI8ktqAAoJEMV4f6PvczxA5WgH/RbxGhtoaJNJ7wmBjnXe4axx zrCPHIKxqc5FgiGRVQXtzoYGsKW+xO8KlUqd0e9wscTDmEMNg08KMy5wV5yjMaZ/ RlsJdl0naUiaqgjU9t95s5p9HO75yYTjIN27G8R25YDeUb2hVHzbZ92DjJEWk25A SzNXDbb0Nwqcrlc9psNgILmzSk/rjYuuB3T17r4zi7sSKXcR3yruIGyD32gEZiPe 8CeCPdRQxYfxuGAshchMiwgAfJxqIWcYbEwdGmLXr1W7xxkg0pzWi6J9nx2fiJr/ D/4gwTJsm4/XDOcwqQ/7mCTXSqdf7Ap5wVA8SV/cmt4tM9HOV4/pbgnQYMBo3Yk= =GYtY -----END PGP SIGNATURE----- From enigmail at jean-marc.meessen-web.org Sun Oct 12 13:31:33 2008 From: enigmail at jean-marc.meessen-web.org (Jean-Marc Meessen) Date: Sun, 12 Oct 2008 22:31:33 +0200 Subject: [Enigmail] [Fwd: Re: Enigmail not detecting/enabling GPG anymore] In-Reply-To: <48F24720.3010304@mozilla-enigmail.org> References: <48E91436.2000501@jean-marc.meessen-web.org> <48E9242C.30808@mozilla-enigmail.org> <48F1D46D.2040101@jean-marc.meessen-web.org> <48F1E9C2.607@mozilla-enigmail.org> <48F2254C.3070306@jean-marc.meessen-web.org> <48F24720.3010304@mozilla-enigmail.org> Message-ID: <48F25EA5.90405@jean-marc.meessen-web.org> Olav Seyfarth a ?crit : > Hi Jean-Marc, > > > I unistalled Enigmail and reinstalled from the distribution that I > used when > > I first installed installed it (and it didn't work). > > you installed Thunderbird from the same source, yes? > Are you on a amd64 system? Is your TB 64bit? Is your EM 64bit? No Enigmail did not come from the same source as Thunderbird was preinstalled on my Asus eeePC. (The distribution is xandros.) I downloaded Enigmail from Mozilla. But it had worked for several months and was used about every two days. How can I find out what is the system I am running it on (amd64) and what version are TB and EM ? > > > What about my hunch that it could be coming from a corrupted config/temp > > file ? > > temp: I don't think so but you might want to delete xul.mfl . > config: you may try to start from scratch config-wise: shutdown TB, delete > all lines in prefs.js starting with enigmail and restart TB. > I'll try that tomorrow. Ref Faramir's suggestion. I made the test with an empty profile directory (where I had to reconfigure the mail accounts). I installed the EM package I used before. And I still had the same problem. As I didn't take notes and it's a week ago, I'll do the test again. Indeed, this doesn't speak in favour of a corrupted config file but rather in the direction of Olav: incompatible versions that worked before by chance. Jmm (Thanks for your advise) > Olav _______________________________________________ Enigmail mailing list Enigmail at mozdev.org https://www.mozdev.org/mailman/listinfo/enigmail From olav at mozilla-enigmail.org Sun Oct 12 14:05:36 2008 From: olav at mozilla-enigmail.org (Olav Seyfarth) Date: Sun, 12 Oct 2008 23:05:36 +0200 Subject: [Enigmail] Enigmail not detecting/enabling GPG anymore In-Reply-To: <48F25EA5.90405@jean-marc.meessen-web.org> References: <48E91436.2000501@jean-marc.meessen-web.org> <48E9242C.30808@mozilla-enigmail.org> <48F1D46D.2040101@jean-marc.meessen-web.org> <48F1E9C2.607@mozilla-enigmail.org> <48F2254C.3070306@jean-marc.meessen-web.org> <48F24720.3010304@mozilla-enigmail.org> <48F25EA5.90405@jean-marc.meessen-web.org> Message-ID: <48F266A0.7020307@mozilla-enigmail.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Jean-Marc, > How can I find out what is the system I am running it on (amd64)? sorry, I forgot that you wrote eeePC 701: it's a Celeron-M 900, so it's "i386", not "amd64". > incompatible versions that worked before by chance. Definitely because of the enigmime error from your logs. But I confirm that many eeePC users did / do? work with the (unsupported) combination of an eeePC's TB + enigmail.mozdev.org's EM. There might have been changes in the way ASUS built current packages - or changes in Mozilla code that Enigmail is compiled against. Anyway, the combination seems to no longer work. Well, you are absolutely sure that you did install the correct package (i386), aren't you? BTW: http://support.xandros.com/desktop-faq.php#EeePC Does Xandros Provide Support for the Eee PC? No. The Eee PC is an ASUS product and is solely supported by them, including Operating system issues. The Operating System on the Eee PC is not a Xandros Product. While Xandros may have aided in the development of the Eee PC OS, it is owned and supported by ASUS. Please contact ASUS support at http://support.asus.com/ for all Eee PC related questions. The question is: Is there an eeePC Enigmail package? If not, please consider building one (and send it to me to be published through the EM website) - or ask ASUS if they are willing to (the BEST way since it would be available for all eeePC users). Alternatively you might uninstall eeePC's TB and install mozilla.com's. But that would mean that you from then on would have to update your TB manually. Because of that I recommend to stay with the distro's TB. Olav -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Diese ist eine Digitale Signatur nach OpenPGP-Standard Comment: Weitere Informationen: http://privat.seyfarth.de/olav/schluessel.html iEYEAREIAAYFAkjyZp4ACgkQL/NBt8fdKe3LrQCfRvxkJMt0TWbBWOPsOKRUB7qG gTsAoKoidGWMIsfCvJ2/qkqxFn0E+ERg =5aac -----END PGP SIGNATURE----- From eitanadlerlist at gmail.com Sun Oct 12 19:26:37 2008 From: eitanadlerlist at gmail.com (Eitan Adler) Date: Sun, 12 Oct 2008 22:26:37 -0400 Subject: [Enigmail] Engimail for freebsd i386 In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Olav Seyfarth wrote: > On 12.10.2008 16:15, Eitan Adler wrote: >> I have a working XPI - where should I send it to ? > > great to hear! Send it to me, please. Along with a detached ascii sig > (gpg -a -b ). I'll upload it to the mozdev download page. > > Thanks, > Olav Sent. I forgot to mention that its for freeBSD 7 - not 6. Also why do you need the signature? -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (FreeBSD) iEYEARECAAYFAkjysd0ACgkQtl8kq+nCzNEdZwCeJQD5zxxbgOiezt+zUGY/Xsw/ aL4AnRzHch5NaXFBh5q3pBoRqF/j9Qio =7B9E -----END PGP SIGNATURE----- From olav at mozilla-enigmail.org Mon Oct 13 08:24:36 2008 From: olav at mozilla-enigmail.org (Olav Seyfarth) Date: Mon, 13 Oct 2008 17:24:36 +0200 Subject: [Enigmail] Engimail for freebsd i386 In-Reply-To: References: Message-ID: <48F36834.40807@mozilla-enigmail.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Eitan, > Sent. I forgot to mention that its for freeBSD 7 - not 6. up now, please check that all is correct: http://enigmail.mozdev.org/download/index.php > Also why do you need the signature? Because it is a package with executable content. All such packages should be signed. And, yes, ideally there should be a chain of trust from Patrick to you or at least from the person downloading to you. At least, your sig may be used as an integrity check (instead of a SHA1 sum mentioned on the download page). Olav -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Diese ist eine Digitale Signatur nach OpenPGP-Standard Comment: Weitere Informationen: http://privat.seyfarth.de/olav/schluessel.html iEYEAREIAAYFAkjzaDMACgkQL/NBt8fdKe3klQCgiaZEsjdJUVTzhPiyLctEt3/G bcwAnjYNAg+fjA8a6NUqw6cO591gaN7Q =A5Gi -----END PGP SIGNATURE----- From enigmail at jean-marc.meessen-web.org Mon Oct 13 13:34:15 2008 From: enigmail at jean-marc.meessen-web.org (Jean-Marc Meessen) Date: Mon, 13 Oct 2008 22:34:15 +0200 Subject: [Enigmail] [Solved!] Enigmail not detecting/enabling GPG anymore In-Reply-To: <48F266A0.7020307@mozilla-enigmail.org> References: <48E91436.2000501@jean-marc.meessen-web.org> <48E9242C.30808@mozilla-enigmail.org> <48F1D46D.2040101@jean-marc.meessen-web.org> <48F1E9C2.607@mozilla-enigmail.org> <48F2254C.3070306@jean-marc.meessen-web.org> <48F24720.3010304@mozilla-enigmail.org> <48F25EA5.90405@jean-marc.meessen-web.org> <48F266A0.7020307@mozilla-enigmail.org> Message-ID: <48F3B0C7.5010109@jean-marc.meessen-web.org> Hello Olav, EUREKA. And it was so obvious ! First of all, I need to say that I am fairly new with unix though I have 25 years experience in computing. When I salvaged the files (the profile directory that was stored on the TrueCrypt disk), I restored them on the flash drive. For a reason or the other, this drive mounts with "root" as owner and so that "user" has no execute rights... I moved the profile to the main disk (where I am the owner), changed the .ini, and tadaa, Enigmail works... I was put on the scent of this when I tried to run Thunderbird under root (sudo) and enigmail worked. So, I then started to look for a security related problem and realized that Enigmail "executables" are stored in the profile. If they can't be executed, it can't work correctly... CQFD (ce qu'il fallait d?montrer) Stupid mistake, and sorry to have used this list bandwidth uselessly. Jmm (from the eeePC) From eitanadlerlist at gmail.com Mon Oct 13 13:51:56 2008 From: eitanadlerlist at gmail.com (Eitan Adler) Date: Mon, 13 Oct 2008 16:51:56 -0400 Subject: [Enigmail] [Solved!] Enigmail not detecting/enabling GPG anymore In-Reply-To: References: <48E91436.2000501@jean-marc.meessen-web.org> <48E9242C.30808@mozilla-enigmail.org> <48F1D46D.2040101@jean-marc.meessen-web.org> <48F1E9C2.607@mozilla-enigmail.org> <48F2254C.3070306@jean-marc.meessen-web.org> <48F24720.3010304@mozilla-enigmail.org> <48F25EA5.90405@jean-marc.meessen-web.org> <48F266A0.7020307@mozilla-enigmail.org> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jean-Marc Meessen wrote: > Hello Olav, > > EUREKA. > > And it was so obvious ! > > First of all, I need to say that I am fairly new with unix though I have > 25 years experience in computing. > > When I salvaged the files (the profile directory that was stored on the > TrueCrypt disk), I restored them on the flash drive. For a reason or the > other, this drive mounts with "root" as owner and so that "user" has no > execute rights... > I moved the profile to the main disk (where I am the owner), changed the > .ini, and tadaa, Enigmail works... > > I was put on the scent of this when I tried to run Thunderbird under > root (sudo) and enigmail worked. So, I then started to look for a > security related problem and realized that Enigmail "executables" are > stored in the profile. If they can't be executed, it can't work correctly... > CQFD (ce qu'il fallait d?montrer) > > Stupid mistake, and sorry to have used this list bandwidth uselessly. > > Jmm > (from the eeePC) > > > It wasn't useless. Now other users with the same problems can (hopefully) find what they are looking for. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (FreeBSD) iEYEARECAAYFAkjztOsACgkQtl8kq+nCzNHHpQCcCsFEwxXxjzq6se5BzU8ZdZED VC8Anjo5R/+hzjGns3DOSDcpcQwu+RA2 =aWkG -----END PGP SIGNATURE----- From eitanadlerlist at gmail.com Sun Oct 19 19:55:16 2008 From: eitanadlerlist at gmail.com (Eitan Adler) Date: Sun, 19 Oct 2008 22:55:16 -0400 Subject: [Enigmail] [off topic] multiple passwords for the same service Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I thought I would ask here as the people here seem to know what they are talking about. If you have multiple ways of accessing the same information is it generally better to use two different passwords or just one. To give an example: You can access your email over the web, or by using IMAP. Is it better to use different passwords or one? The same would apply with sftp/ftp-over-https. I hope I am making myself clear. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (FreeBSD) iEYEARECAAYFAkj78xQACgkQtl8kq+nCzNHh/wCbBl4+OqgrrdRDRR9ZR9mepS4+ vbgAn11X2C8XVZHtCgNfT0ME4ULkZCfh =9NQy -----END PGP SIGNATURE----- From rjh at sixdemonbag.org Sun Oct 19 22:01:55 2008 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Mon, 20 Oct 2008 01:01:55 -0400 Subject: [Enigmail] [off topic] multiple passwords for the same service In-Reply-To: References: Message-ID: <48FC10C3.5040209@sixdemonbag.org> Eitan Adler wrote: > I hope I am making myself clear. The usual argument is that passwords should protect capabilities, not mechanisms. E.g., if you're accessing your email via HTTPS through a web browser or through an IMAP/S connection, either way you have the same capabilities: you can read your email, write email, manage your folders, etc. But if you wanted to use the same password on your company Exchange server that you use on for your personal account, that could be unwise. The Exchange server controls your address book, your schedule, your calendar, etc.; the Exchange capability profile is different than the IMAP/S capability profile, so the two should have different passwords. From eitanadlerlist at gmail.com Mon Oct 20 13:20:20 2008 From: eitanadlerlist at gmail.com (Eitan Adler) Date: Mon, 20 Oct 2008 16:20:20 -0400 Subject: [Enigmail] [off topic] multiple passwords for the same service In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Robert J. Hansen wrote: > Eitan Adler wrote: >> I hope I am making myself clear. > > The usual argument is that passwords should protect capabilities, not > mechanisms. E.g., if you're accessing your email via HTTPS through a > web browser or through an IMAP/S connection, either way you have the > same capabilities: you can read your email, write email, manage your > folders, etc. Alright thanks. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (FreeBSD) iEYEARECAAYFAkj86AQACgkQtl8kq+nCzNENewCdG41gdYvCQXDqmqNLKsLJ/vS6 yfIAnjhpTtUcR/pe3bmzu3kPXcuxBYw/ =pijn -----END PGP SIGNATURE----- From tleatherslave2 at googlemail.com Wed Oct 22 00:05:56 2008 From: tleatherslave2 at googlemail.com (TPE leatherslave) Date: Wed, 22 Oct 2008 09:05:56 +0200 Subject: [Enigmail] RE interests*** Message-ID: <6ce48d930810220005i443f0badu6767a5500c66ba73@mail.gmail.com> thanks webmaster.... -------------- next part -------------- A non-text attachment was scrubbed... Name: Eigene Bilder1.jpg Type: image/jpeg Size: 5407 bytes Desc: not available URL: From cristiklein at gmail.com Wed Oct 22 11:00:54 2008 From: cristiklein at gmail.com (Cristian KLEIN) Date: Wed, 22 Oct 2008 20:00:54 +0200 Subject: [Enigmail] Invalid UTF-8 Characters Message-ID: <48FF6A56.3090209@gmail.com> Hi, I'm the maintainer of the ro_RO locale for Enigmail. Recently I observed that the message for prefGood (?Semn?tur? bun? de la %S?) from enigmail.properties, which contains UTF-8 characters, is rendered incorrectly in Thunderbird running in Ubuntu Intrepid. More exactly, ??? is rendered as a box containing 0003. This message appears above a message in Thunderbird's main window, or when double-clicking the envelope icon. Interestingly, other messages, such as keyAndSigDateID (?Semnat ?n?) and securityInfo (?Informa?ii de securitate OpenPGP?) are rendered correctly. Could somebody help me solve this issue? From olav at mozilla-enigmail.org Wed Oct 22 11:38:01 2008 From: olav at mozilla-enigmail.org (Olav Seyfarth) Date: Wed, 22 Oct 2008 20:38:01 +0200 Subject: [Enigmail] Invalid UTF-8 Characters In-Reply-To: <48FF6A56.3090209@gmail.com> References: <48FF6A56.3090209@gmail.com> Message-ID: <48FF7309.4010000@mozilla-enigmail.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Cristian, > I'm the maintainer of the ro_RO locale for Enigmail. Recently I observed > that the message for prefGood (?Semn?tur? bun? de la %S?) from > enigmail.properties, which contains UTF-8 characters, is rendered > incorrectly in Thunderbird running in Ubuntu Intrepid. > > More exactly, ??? is rendered as a box containing 0003. This message > appears above a message in Thunderbird's main window, or when > double-clicking the envelope icon. > > Interestingly, other messages, such as keyAndSigDateID (?Semnat ?n?) and > securityInfo (?Informa?ii de securitate OpenPGP?) are rendered correctly. usually a box showing the Unicode number only appears when the font used doesn't contain the letter requested, instead the Unicode number is shown. However, without having checked, I doubt that the code of ??? is 0003. In short: no idea. But I'd like to add another Unicode question: could anyone point me to a good free text editor for Windows with Unicode support that one can edit multiple documents in parallel and that has a built-in RexEx-capable search function that is more or less self-explanatory? Olav -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Diese ist eine Digitale Signatur nach OpenPGP-Standard Comment: Weitere Informationen: http://privat.seyfarth.de/olav/schluessel.html iEYEAREIAAYFAkj/cwgACgkQL/NBt8fdKe085wCfRUzhQCdqDnl0dRx5LYEdWTc2 5rMAoIZqyM3ytfcdjrlrZ35xWIxGP83t =ScKM -----END PGP SIGNATURE----- From chd at chud.net Wed Oct 22 13:57:55 2008 From: chd at chud.net (Chris De Young) Date: Wed, 22 Oct 2008 13:57:55 -0700 Subject: [Enigmail] Setting for encrypt-if-key-found? Message-ID: <48FF93D3.7090205@chud.net> Hi, I'm using Enigmail 0.95.7 with Thunderbird 2.0.0.17 -- I can set preferences to encrypt by default, sign by default, or both, or neither. What I would really like though is an encryption preference setting for "encrypt by default if an appropriate key is found on my keyring, not otherwise." I realize there is a local performance penalty to pay for constantly checking, but I think I'm okay with that. Is there currently any way to do this? An added bit of niceness would be a setting for "do or do not go look on keyservers if a key is not found," but that's definitely secondary. Thanks! -Chris -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature URL: From darylstyrk at gmail.com Wed Oct 22 15:17:13 2008 From: darylstyrk at gmail.com (Daryl Styrk) Date: Wed, 22 Oct 2008 18:17:13 -0400 Subject: [Enigmail] Setting for encrypt-if-key-found? In-Reply-To: <48FF93D3.7090205@chud.net> References: <48FF93D3.7090205@chud.net> Message-ID: <48FFA669.90200@gmail.com> Chris De Young wrote: > Hi, > > I'm using Enigmail 0.95.7 with Thunderbird 2.0.0.17 -- I can set preferences to > encrypt by default, sign by default, or both, or neither. What I would really > like though is an encryption preference setting for "encrypt by default if an > appropriate key is found on my keyring, not otherwise." I realize there is a > local performance penalty to pay for constantly checking, but I think I'm okay > with that. > > Is there currently any way to do this? > > An added bit of niceness would be a setting for "do or do not go look on > keyservers if a key is not found," but that's definitely secondary. > > Thanks! > -Chris > > > > ------------------------------------------------------------------------ > > _______________________________________________ > Enigmail mailing list > Enigmail at mozdev.org > https://www.mozdev.org/mailman/listinfo/enigmail How about the per recipient rule? From chd at chud.net Wed Oct 22 17:10:52 2008 From: chd at chud.net (Chris De Young) Date: Wed, 22 Oct 2008 17:10:52 -0700 Subject: [Enigmail] Setting for encrypt-if-key-found? In-Reply-To: <48FFA669.90200@gmail.com> References: <48FF93D3.7090205@chud.net> <48FFA669.90200@gmail.com> Message-ID: <48FFC10C.9040505@chud.net> Daryl Styrk wrote: > > How about the per recipient rule? Functionally that may work, but I have to go build one for every recipient, which is a pain... unless there's a way to have them automatically built based on the criteria I'm looking for? I'll look into what I can do with per-recipient rules in more detail. I'd really like to automate as much as possible, basically with a preference of "always use as much GPG as possible." :-) How do per-recipient rules work when matching against a list of recipients? I might want a rule that says encrypt if the recipient is "bob", but do not encrypt if the recipient is "bob, alice", but do encrypt if the recipient is "carol, bob" and so on, based on knowing who supports it. As is, I end up not always encrypting mail to people who would be able to read it because I don't always think "hey, can I encrypt to this person?" for every message I send, and if I don't make a manual decision for each message then the default has to be no encryption because too many of my recipients don't use PGP. Thanks, -Chris -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature URL: From John at Mozilla-Enigmail.org Wed Oct 22 17:30:46 2008 From: John at Mozilla-Enigmail.org (John Clizbe) Date: Wed, 22 Oct 2008 19:30:46 -0500 Subject: [Enigmail] Setting for encrypt-if-key-found? In-Reply-To: <48FF93D3.7090205@chud.net> References: <48FF93D3.7090205@chud.net> Message-ID: <48FFC5B6.1010305@Mozilla-Enigmail.org> Chris De Young wrote: > I'm using Enigmail 0.95.7 with Thunderbird 2.0.0.17 -- I can set preferences to > encrypt by default, sign by default, or both, or neither. What I would really > like though is an encryption preference setting for "encrypt by default if an > appropriate key is found on my keyring, not otherwise." I realize there is a > local performance penalty to pay for constantly checking, but I think I'm okay > with that. 1) Select Encrypt by default 2) Under 'Key Selection' in Enigmail's advanced preferences, select 'by rules and addresses' or 'by email addresses'. I prefer the first of these two. 3) If you select the bottom button, 'No manual key selection', Enigmail will send the message unencrypted if *ANY* of the recipients cannot be matched to a key. This is the behavior closest to what you are asking for, but before selecting it, be *VERY AWARE* of this one potential gotcha. -- John P. Clizbe Inet:John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or mailto:pgp-public-keys at gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 677 bytes Desc: OpenPGP digital signature URL: From cristiklein at gmail.com Wed Oct 22 17:41:43 2008 From: cristiklein at gmail.com (Cristian KLEIN) Date: Thu, 23 Oct 2008 02:41:43 +0200 Subject: [Enigmail] Invalid UTF-8 Characters In-Reply-To: <48FF7309.4010000@mozilla-enigmail.org> References: <48FF6A56.3090209@gmail.com> <48FF7309.4010000@mozilla-enigmail.org> Message-ID: <48FFC847.4030206@gmail.com> > Hi Cristian, > >> I'm the maintainer of the ro_RO locale for Enigmail. Recently I observed >> that the message for prefGood (?Semn?tur? bun? de la %S?) from >> enigmail.properties, which contains UTF-8 characters, is rendered >> incorrectly in Thunderbird running in Ubuntu Intrepid. >> >> More exactly, ??? is rendered as a box containing 0003. This message >> appears above a message in Thunderbird's main window, or when >> double-clicking the envelope icon. >> >> Interestingly, other messages, such as keyAndSigDateID (?Semnat ?n?) and >> securityInfo (?Informa?ii de securitate OpenPGP?) are rendered correctly. > > usually a box showing the Unicode number only appears when the font used > doesn't contain the letter requested, instead the Unicode number is shown. > However, without having checked, I doubt that the code of ??? is 0003. > In short: no idea. Am I really the only one experiencing this problem? I observed that beginPgpPart is also rendered distorted. Also, when I replied to this message while Enigmail was active, all the special characters (???? etc.) where distorted? So, I don't think its a simple localisation issue. Also, I have observed that the messages go to different objects (statusText in one case, errorObjMsg in another). Is there some kind of difference between the two? Any ideas? From chd at chud.net Wed Oct 22 17:48:08 2008 From: chd at chud.net (Chris De Young) Date: Wed, 22 Oct 2008 17:48:08 -0700 Subject: [Enigmail] Setting for encrypt-if-key-found? In-Reply-To: <48FFC5B6.1010305@Mozilla-Enigmail.org> References: <48FF93D3.7090205@chud.net> <48FFC5B6.1010305@Mozilla-Enigmail.org> Message-ID: <48FFC9C8.3040006@chud.net> Thanks! I think this is pretty much what I'm looking for. I'll try it with both key selection options and see what I prefer... I agree that address+rules selection is better, so I'll try that first and find out whether it gets too annoying to be constantly reminded to de-select the encryption for most messages. :-) Thanks, -C John Clizbe wrote: > Chris De Young wrote: >> I'm using Enigmail 0.95.7 with Thunderbird 2.0.0.17 -- I can set preferences to >> encrypt by default, sign by default, or both, or neither. What I would really >> like though is an encryption preference setting for "encrypt by default if an >> appropriate key is found on my keyring, not otherwise." I realize there is a >> local performance penalty to pay for constantly checking, but I think I'm okay >> with that. > > 1) Select Encrypt by default > > 2) Under 'Key Selection' in Enigmail's advanced preferences, select 'by rules > and addresses' or 'by email addresses'. I prefer the first of these two. > > 3) If you select the bottom button, 'No manual key selection', Enigmail will > send the message unencrypted if *ANY* of the recipients cannot be matched to a key. > > This is the behavior closest to what you are asking for, but before selecting > it, be *VERY AWARE* of this one potential gotcha. > > > > ------------------------------------------------------------------------ > > _______________________________________________ > Enigmail mailing list > Enigmail at mozdev.org > https://www.mozdev.org/mailman/listinfo/enigmail -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature URL: From jmoore3rd at bellsouth.net Wed Oct 22 20:35:31 2008 From: jmoore3rd at bellsouth.net (John W. Moore III) Date: Wed, 22 Oct 2008 23:35:31 -0400 Subject: [Enigmail] Setting for encrypt-if-key-found? In-Reply-To: <48FFC9C8.3040006@chud.net> References: <48FF93D3.7090205@chud.net> <48FFC5B6.1010305@Mozilla-Enigmail.org> <48FFC9C8.3040006@chud.net> Message-ID: <48FFF103.2030602@bellsouth.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Chris De Young wrote: > annoying to be constantly reminded to de-select the encryption for most > messages. :-) That's why John specified 'checking' the radio button: No Manual Key Selection When enabled this option will not 'annoy' You whenever a matching Key is not found on Your Keyring. It will simply Send the Message unencrypted. This is why He cautioned to 'be very careful' because You might send a Message and not even know it wasn't Encrypted. JOHN ;) Timestamp: Wednesday 22 Oct 2008, 23:35 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10-svn4845: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJI//EAAAoJEBCGy9eAtCsPKrsH/R36vcXpEe8gaEb3W2ADEecC bG3rlwd5swdP71QfSMDvYD3FNP7kVGBT2jnQDbmwCUFgt7qaS+/NuWrRYA9vfGzb 4tv42yOYwP1Dc7PARGAxvGtGWSLFOTV0+a2fFObL5/uaKZZJdFjz+6+WqPUH1i6T PbHzwtoEx6bORWUW3tM4m0baLX7xxORLmMDxrBnxjaV0fCxiUWOWrTLcoPcIfgap N7tjrD50V7gXJa96QRYKCE5Z6e/Lga4I4LP5HgkwUBDyYC4DAEUc4VEjIo35gyWV aCPAb4w+9S1Srmme22lzwzAOqtOWoCVqRAnc7i/HcBFa7keHoTyug3bh/fqSbX4= =gi4W -----END PGP SIGNATURE----- From chd at chud.net Wed Oct 22 20:46:46 2008 From: chd at chud.net (Chris De Young) Date: Wed, 22 Oct 2008 20:46:46 -0700 Subject: [Enigmail] Setting for encrypt-if-key-found? In-Reply-To: <48FFF103.2030602@bellsouth.net> References: <48FF93D3.7090205@chud.net> <48FFC5B6.1010305@Mozilla-Enigmail.org> <48FFC9C8.3040006@chud.net> <48FFF103.2030602@bellsouth.net> Message-ID: <48FFF3A6.10407@chud.net> John W. Moore III wrote: > > When enabled this option will not 'annoy' You whenever a matching Key is > not found on Your Keyring. It will simply Send the Message unencrypted. > This is why He cautioned to 'be very careful' because You might send a > Message and not even know it wasn't Encrypted. I understand - and I'm rethinking the wisdom of this tradeoff, since that might be a danger I don't want. I could certainly see getting in the habit of encrypting when possible and (silently) not when not for things that mostly don't matter, but then something comes along that does matter and maybe I don't remember that I don't have the key for the new guy on the list yet. Out it goes in the clear with no warning. And yes, the "annoyance" of an extra click or two is pretty minor, it's just much-repeated. :) Thanks! -C -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature URL: From Arne.Johnsen at gmx.de Thu Oct 23 00:05:14 2008 From: Arne.Johnsen at gmx.de (Arne Johnsen) Date: Thu, 23 Oct 2008 09:05:14 +0200 Subject: [Enigmail] Free UTF-8 Editor In-Reply-To: <48FF7309.4010000@mozilla-enigmail.org> References: <48FF6A56.3090209@gmail.com> <48FF7309.4010000@mozilla-enigmail.org> Message-ID: <4900222A.4020905@gmx.de> Olav Seyfarth schrieb: > But I'd like to add another Unicode question: could anyone point me to a > good free text editor for Windows with Unicode support that one can edit > multiple documents in parallel For just this, I can suggest PSPad: http://www.pspad.com/en/ From main page: > PSPad is a freeware programmer's editor for Microsoft Windows > operating systems, useful for people who: > > * work with various programming environments * like highlighted > syntax in their source code * need a small tool with simple controls > and the capabilities of a mighty code editor * are looking for a tool > that handles plain text * want to save time - PSPad offers rich text > formating functions * need tool what offer user extension > capabilities * want to save money and still have the functionality of > professional products because PSPad is free for commercial and > government purposes too Olav Seyfarth schrieb: > and that has a built-in RexEx-capable search function that is more or > less self-explanatory? As I haven't used the search functions with regular expressions, you have to look, if it fullfills your needs in this part. Arne -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature URL: From patrick at mozilla-enigmail.org Thu Oct 23 00:26:11 2008 From: patrick at mozilla-enigmail.org (Patrick Brunschwig) Date: Thu, 23 Oct 2008 09:26:11 +0200 Subject: [Enigmail] Invalid UTF-8 Characters In-Reply-To: <48FFC847.4030206@gmail.com> References: <48FF6A56.3090209@gmail.com> <48FF7309.4010000@mozilla-enigmail.org> <48FFC847.4030206@gmail.com> Message-ID: <49002713.30000@mozilla-enigmail.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cristian KLEIN wrote: >> Hi Cristian, >> >>> I'm the maintainer of the ro_RO locale for Enigmail. Recently I observed >>> that the message for prefGood (?Semn?tur? bun? de la %S?) from >>> enigmail.properties, which contains UTF-8 characters, is rendered >>> incorrectly in Thunderbird running in Ubuntu Intrepid. >>> >>> More exactly, ??? is rendered as a box containing 0003. This message >>> appears above a message in Thunderbird's main window, or when >>> double-clicking the envelope icon. >>> >>> Interestingly, other messages, such as keyAndSigDateID (?Semnat ?n?) and >>> securityInfo (?Informa?ii de securitate OpenPGP?) are rendered >>> correctly. >> >> usually a box showing the Unicode number only appears when the font used >> doesn't contain the letter requested, instead the Unicode number is >> shown. >> However, without having checked, I doubt that the code of ??? is 0003. >> In short: no idea. > > Am I really the only one experiencing this problem? I observed that > beginPgpPart is also rendered distorted. Also, when I replied to this > message while Enigmail was active, all the special characters (???? > etc.) where distorted? So, I don't think its a simple localisation issue. > > Also, I have observed that the messages go to different objects > (statusText in one case, errorObjMsg in another). Is there some kind of > difference between the two? Where precisely in the code? Both variables are used quite frequently. > Any ideas? If you can point me to some Romanian version of Thunderbird, I can look into it. - -Patrick -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEVAwUBSQAnEXcOpHodsOiwAQKS8wgAihFYlJNwuSCn8YB7FGSXkgD8YdnALMFp /7J0VrIspU4RgbRSmlCVpkURe0kOJKveooKW6Kf3ZQ01FQRLDFnP0olRPXpqwPB5 h2YF/NXrbYfyIqPq1ctpv3eIt8iYbHj/vAasccgEOqKgWJ0qTIkKthKmUrDi01rH Ard0bq9c1wPPIsmE8UaCIX5gJdnQmn15N19XYUX5woozBqjsn6moCQMPWYW6SKMi Ahki+eiVns1kHpFXMEV/KDkzRQ61l1ePPcs4ePDdQGjIQ140F7bgAiGzIl0YBWNl jNJ9ncyqcMtxEqPmR9s5OVPY1639YydCgiFWFNX5rsj/FkuF7iMO0w== =wztq -----END PGP SIGNATURE----- From patrick at mozilla-enigmail.org Thu Oct 23 00:29:10 2008 From: patrick at mozilla-enigmail.org (Patrick Brunschwig) Date: Thu, 23 Oct 2008 09:29:10 +0200 Subject: [Enigmail] Setting for encrypt-if-key-found? In-Reply-To: <48FFF3A6.10407@chud.net> References: <48FF93D3.7090205@chud.net> <48FFC5B6.1010305@Mozilla-Enigmail.org> <48FFC9C8.3040006@chud.net> <48FFF103.2030602@bellsouth.net> <48FFF3A6.10407@chud.net> Message-ID: <490027C6.5090500@mozilla-enigmail.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Chris De Young wrote: > John W. Moore III wrote: >> When enabled this option will not 'annoy' You whenever a matching Key is >> not found on Your Keyring. It will simply Send the Message unencrypted. >> This is why He cautioned to 'be very careful' because You might send a >> Message and not even know it wasn't Encrypted. > > I understand - and I'm rethinking the wisdom of this tradeoff, since that might > be a danger I don't want. > > I could certainly see getting in the habit of encrypting when possible and > (silently) not when not for things that mostly don't matter, but then something > comes along that does matter and maybe I don't remember that I don't have the > key for the new guy on the list yet. Out it goes in the clear with no warning. > And yes, the "annoyance" of an extra click or two is pretty minor, it's just > much-repeated. :) There's a kind of way out for this: if you enable the option "Always confirm before sending" in the "Sending" tab of the OpenPGP preferences, you'll always get a dialog before sending telling you whether the message will be encrypted or not. - -Patrick -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEVAwUBSQAnxXcOpHodsOiwAQKncAf/Xk+uTMjMP06JP/zteIGMo5ZkK+Ao0Ke+ Sa0s74LxvEaYIV9zTXKmYOdZslknAa+Tf7p3dCGUCJx3Yr1J7kxxammGDuv28D/Z 5XHpNrghkk+bCNx2c+ng/e21fEBCxbTuNqndKiJjb+RdS1FZx7nd5+dFnuolU9z3 CIyn+TgXEnC+EXTYrvdIXgs4GB2p5vd231voRMm9epjpfN9UFcPvCRFHhG+tvgnZ T7OGR4lVlF8gPDlFe5hnZkwFcnYDomIy2WDBMtcX4mwDsceaJq2fr2BGWgJ67seK gIC7q7euwhLyyU9KkKWJzf9Zu0pWqZmv0WtgbX3J2cERwuD0+z5Zxw== =76Zs -----END PGP SIGNATURE----- From post at lespocky.de Thu Oct 23 01:39:39 2008 From: post at lespocky.de (Alexander Dahl) Date: Thu, 23 Oct 2008 10:39:39 +0200 Subject: [Enigmail] free unicode capable editor on (was: Invalid UTF-8 Characters) In-Reply-To: <48FF7309.4010000@mozilla-enigmail.org> References: <48FF6A56.3090209@gmail.com> <48FF7309.4010000@mozilla-enigmail.org> Message-ID: <0MKwtQ-1KsvjP0zjM-0007OO@mrelayeu.kundenserver.de> Hi Olav, > But I'd like to add another Unicode question: could anyone point me to a > good free text editor for Windows with Unicode support that one can edit > multiple documents in parallel and that has a built-in RexEx-capable search > function that is more or less self-explanatory? Notepad++ http://notepad-plus.sourceforge.net/ [x] unicode [x] multiple documents [x] regex-search [?] self-explanatory I used regexes with notepad++ a few times with the syntax I remembered from grep and perl and achieved what I wanted. I would call that self explanatory, but I'm not entirely sure. Greets Alex -- ?With the first link, the chain is forged. The first speech censured, the first thought forbidden, the first freedom denied, chains us all irrevocably.? (Jean-Luc Picard, quoting Judge Aaron Satie) *** GnuPG-FP: 02C8 A590 7FE5 CA5F 3601 D1D5 8FBA 7744 CC87 10D0 *** -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature URL: From cristiklein at gmail.com Thu Oct 23 02:56:14 2008 From: cristiklein at gmail.com (Cristian KLEIN) Date: Thu, 23 Oct 2008 11:56:14 +0200 Subject: [Enigmail] Invalid UTF-8 Characters In-Reply-To: <49002713.30000@mozilla-enigmail.org> References: <48FF6A56.3090209@gmail.com> <48FF7309.4010000@mozilla-enigmail.org> <48FFC847.4030206@gmail.com> <49002713.30000@mozilla-enigmail.org> Message-ID: <49004A3E.1000801@gmail.com> Patrick Brunschwig a scris: > Cristian KLEIN wrote: >>> Hi Cristian, >>> >>>> I'm the maintainer of the ro_RO locale for Enigmail. Recently I observed >>>> that the message for prefGood ( Semntur bun de la %S ) from >>>> enigmail.properties, which contains UTF-8 characters, is rendered >>>> incorrectly in Thunderbird running in Ubuntu Intrepid. >>>> >>>> More exactly,  is rendered as a box containing 0003. This message >>>> appears above a message in Thunderbird's main window, or when >>>> double-clicking the envelope icon. >>>> >>>> Interestingly, other messages, such as keyAndSigDateID ( Semnat ?n ) and >>>> securityInfo ( Informaii de securitate OpenPGP ) are rendered >>>> correctly. >>> usually a box showing the Unicode number only appears when the font used >>> doesn't contain the letter requested, instead the Unicode number is >>> shown. >>> However, without having checked, I doubt that the code of  is 0003. >>> In short: no idea. >> Am I really the only one experiencing this problem? I observed that >> beginPgpPart is also rendered distorted. Also, when I replied to this >> message while Enigmail was active, all the special characters ( ? >> etc.) where distorted? So, I don't think its a simple localisation issue. > >> Also, I have observed that the messages go to different objects >> (statusText in one case, errorObjMsg in another). Is there some kind of >> difference between the two? > > Where precisely in the code? Both variables are used quite frequently. The following code is taken from components/enigmail.js:3207 if (goodSignature) { errorMsgObj.value = trustPrefix + EnigGetString("prefGood",userId) I tried to play around a bit, deleting trustPrefix and changing ?prefGood?. If I delete trustPrefix and add ??????? to prefGood, the message is rendered correctly. >> Any ideas? > > If you can point me to some Romanian version of Thunderbird, I can look > into it. Thanks a lot. If you are using Ubuntu, you may install thunderbird-locale-ro: http://packages.ubuntu.com/intrepid/thunderbird-locale-ro. If you have Hardy, downloading the package and installing it with ?dpkg -i --force-all? should work. If you're not using Ubuntu, you may download Romanian language pack from https://addons.mozilla.org/en-US/thunderbird/users/login?to=downloads%2Ffile%2F35450%2Finterfa_______n_rom__n___pentru_thunderbird_2__romanian_-0.8-tb.xpi&m=1 (required an account), or get the XPI out of the source of the Ubuntu package. Please tell me if there's anything else I could do to help. From easthg at gmail.com Thu Oct 23 19:10:17 2008 From: easthg at gmail.com (hao.guang) Date: Fri, 24 Oct 2008 10:10:17 +0800 Subject: [Enigmail] about: tb extension when sending a mail. Message-ID: <561618ad0810231910o4474c814y53d44b459a7d4723@mail.gmail.com> I'm a newer to TB *extension, I met a question in my project about tb extension. the problem : when send a mail, would you tell me how to get a chance to add my Encrypt/sign to the mail. any help would be appreciated. -------------- next part -------------- An HTML attachment was scrubbed... URL: From patrick at mozilla-enigmail.org Fri Oct 24 05:06:44 2008 From: patrick at mozilla-enigmail.org (Patrick Brunschwig) Date: Fri, 24 Oct 2008 14:06:44 +0200 Subject: [Enigmail] Invalid UTF-8 Characters In-Reply-To: <49004A3E.1000801@gmail.com> References: <48FF6A56.3090209@gmail.com> <48FF7309.4010000@mozilla-enigmail.org> <48FFC847.4030206@gmail.com> <49002713.30000@mozilla-enigmail.org> <49004A3E.1000801@gmail.com> Message-ID: <4901BA54.70809@mozilla-enigmail.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cristian KLEIN wrote: > Patrick Brunschwig a scris: >> Cristian KLEIN wrote: >>>> Hi Cristian, >>>> >>>>> I'm the maintainer of the ro_RO locale for Enigmail. Recently I observed >>>>> that the message for prefGood ( Semntur bun de la %S ) from >>>>> enigmail.properties, which contains UTF-8 characters, is rendered >>>>> incorrectly in Thunderbird running in Ubuntu Intrepid. >>>>> >>>>> More exactly,  is rendered as a box containing 0003. This message >>>>> appears above a message in Thunderbird's main window, or when >>>>> double-clicking the envelope icon. >>>>> >>>>> Interestingly, other messages, such as keyAndSigDateID ( Semnat ?n ) and >>>>> securityInfo ( Informaii de securitate OpenPGP ) are rendered >>>>> correctly. >>>> usually a box showing the Unicode number only appears when the font used >>>> doesn't contain the letter requested, instead the Unicode number is >>>> shown. >>>> However, without having checked, I doubt that the code of  is 0003. >>>> In short: no idea. >>> Am I really the only one experiencing this problem? I observed that >>> beginPgpPart is also rendered distorted. Also, when I replied to this >>> message while Enigmail was active, all the special characters ( ? >>> etc.) where distorted? So, I don't think its a simple localisation issue. >>> Also, I have observed that the messages go to different objects >>> (statusText in one case, errorObjMsg in another). Is there some kind of >>> difference between the two? >> Where precisely in the code? Both variables are used quite frequently. > > The following code is taken from components/enigmail.js:3207 > > if (goodSignature) { > errorMsgObj.value = trustPrefix + EnigGetString("prefGood",userId) > > I tried to play around a bit, deleting trustPrefix and changing > ?prefGood?. If I delete trustPrefix and add ??????? to prefGood, the > message is rendered correctly. The problem is actually that the string is decoded twice from UTF-8 to the Mozilla-internal format. It's definitely a bug in Enigmail. What is interesting though is that it doesn't occur on all my test messages; for several messages, I see no problem at all, but for some the text is not decoded properly. - -Patrick -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEVAwUBSQG6U3cOpHodsOiwAQJ1Bgf+Lk3yPkaiK84m5UltMzX3pL4oUqUJSBeV vdqioHWTxVRN9Bgu/rTAg+73NJ3zrV7jl2q7Du/NGjHkvyhfQhq5w8xO7uHstX2/ 8DEAaSgYFG15D76XwzUT31027b7dnTzSKniBLwLrCDA/H0uTnx09K9FYM5Zn3dv+ 02lqLbyoS1h/XyRkN6pznKQ0KfVT7ata1hWcelidKXjaF398W0MBraMkmnde7Mwc j4TR2mNCrH2on1l1Bk3kIWOPXmV27qLHoYTqaQc1gm3DwkNeNjT02Z0d1EBEun6o pIf9owpu8CMf3x+d22v5MzE9sRrL3QSfMyEo9yVBy2PNqyHEfK9g7w== =T88O -----END PGP SIGNATURE----- From chd at chud.net Fri Oct 24 09:26:28 2008 From: chd at chud.net (Chris De Young) Date: Fri, 24 Oct 2008 09:26:28 -0700 Subject: [Enigmail] about: tb extension when sending a mail. In-Reply-To: <561618ad0810231910o4474c814y53d44b459a7d4723@mail.gmail.com> References: <561618ad0810231910o4474c814y53d44b459a7d4723@mail.gmail.com> Message-ID: <4901F734.4080208@chud.net> hao.guang wrote: > I'm a newer to TB *extension, I met a question in my project about tb > extension. the problem : when send a mail, would you tell me how to get > a chance to add my Encrypt/sign to the mail. By "TB extension" do you mean a Thunderbird extension, of which Enigmail is one (of many), and how do you enable it? If so, after Enigmail is installed, Tools --> Account Settings --> OpenPGP Security Check the box "Enable OpenPGP support for this identity", then check the other boxes as appropriate to match your references for sign-by-default, encrypt-by-default, etc. -C -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature URL: From easthg at gmail.com Fri Oct 24 09:59:58 2008 From: easthg at gmail.com (hao.guang) Date: Sat, 25 Oct 2008 00:59:58 +0800 Subject: [Enigmail] about: tb extension when sending a mail. In-Reply-To: <4901F734.4080208@chud.net> References: <561618ad0810231910o4474c814y53d44b459a7d4723@mail.gmail.com> <4901F734.4080208@chud.net> Message-ID: <561618ad0810240959p79c0421bsd0aa359fa622dc4a@mail.gmail.com> ///////////////////////////////////////////////////////////////////////////////////////// thanks for your answer ! yes, I want to realize a Thunderbird extension(xpcom in c++ ), I download the souce of enigmail, but I don't know how to realize it when sending a mail. in my c++ xpcom, how to get the change to modify the mail for Encrypt/sign to the mail. any help would be appreciated. ////////////////////////////////////////////////////////////////////////////////////////// By "TB extension" do you mean a Thunderbird extension, of which Enigmail is > one > (of many), and how do you enable it? > > If so, after Enigmail is installed, > > Tools --> Account Settings --> OpenPGP Security > > Check the box "Enable OpenPGP support for this identity", then check the > other > boxes as appropriate to match your references for sign-by-default, > encrypt-by-default, etc. > > -C > > > _______________________________________________ > Enigmail mailing list > Enigmail at mozdev.org > https://www.mozdev.org/mailman/listinfo/enigmail > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From chsriram at gmail.com Wed Oct 29 20:21:41 2008 From: chsriram at gmail.com (Ram Chadalavada) Date: Wed, 29 Oct 2008 20:21:41 -0700 Subject: [Enigmail] Cannot add enigmail to thunderbird on Fedora 9 x86 64 Message-ID: I see the following message: ...could not be installed because it is not compatible with your Thunderbird build type (Linux_x86_64-gcc3). Please contact the author of this item... I am assuming this is the right forum to ask this question. If not, I would appreciate if someone could provide directions to the right one? Thanks, Ram From olav at mozilla-enigmail.org Fri Oct 31 00:06:29 2008 From: olav at mozilla-enigmail.org (Olav Seyfarth) Date: Fri, 31 Oct 2008 08:06:29 +0100 Subject: [Enigmail] Cannot add enigmail to thunderbird on Fedora 9 x86 64 In-Reply-To: References: Message-ID: <490AAE75.9090306@mozilla-enigmail.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Ram, > I am assuming this is the right forum to ask this question. If not, I > would appreciate if someone could provide directions to the right one? Welcome to the Enigmail user mailing list. You're fine here for all questions and discussions on Enigmail. > I see the following message: > ...could not be installed because it is not compatible with your > Thunderbird build type (Linux_x86_64-gcc3). Please contact the author of > this item... you probably downloaded your file from addons.mozilla.org. If you would have accessed it through enigmail.mozdev.org, you would have seen the text that is displayed on http://enigmail.mozdev.org/download/index.php if one selects Linux (32bit): The builds provided on this web page only work together with the standard releases of Thunderbird and SeaMonkey by mozilla.org. If you use Thunderbird or SeaMonkey as provided by your distribution, then you also have to use Enigmail provided by that distribution. => Either use disto packages -or- downloaded builds for _both_ TB+EM. Then it should work. Olav -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Diese ist eine Digitale Signatur nach OpenPGP-Standard Comment: Weitere Informationen: http://privat.seyfarth.de/olav/schluessel.html iEYEAREIAAYFAkkKrnQACgkQL/NBt8fdKe3PiwCeLBGYSZRKEk/w9jpoDbQ7rjY6 p3EAoKdZ09pKrGfIBC0Kv14KDZ10pUz5 =yb/t -----END PGP SIGNATURE----- From Liste at FamilleCollet.com Fri Oct 31 00:37:05 2008 From: Liste at FamilleCollet.com (Remi Collet) Date: Fri, 31 Oct 2008 08:37:05 +0100 Subject: [Enigmail] Cannot add enigmail to thunderbird on Fedora 9 x86 64 In-Reply-To: References: Message-ID: <490AB5A1.5040609@FamilleCollet.com> Ram Chadalavada a ?crit : > I see the following message: > ...could not be installed because it is not compatible with your > Thunderbird build type (Linux_x86_64-gcc3). Please contact the author of > this item... > > I am assuming this is the right forum to ask this question. If not, I > would appreciate if someone could provide directions to the right one? You can check my little repo : http://blog.famillecollet.com/post/2008/08/13/thunderbird-enigmail-0957 You'll find RPM of the lastest thunderbird-enigmail for Fedora >= 4 and for all arch available (i386, x86_64, ppc and ppc64). It doesn't seems possible to have it in the official repository. Remi. > > Thanks, > Ram > _______________________________________________ > Enigmail mailing list > Enigmail at mozdev.org > https://www.mozdev.org/mailman/listinfo/enigmail > From chsriram at gmail.com Thu Oct 30 15:20:16 2008 From: chsriram at gmail.com (Ram Chadalavada) Date: Thu, 30 Oct 2008 15:20:16 -0700 Subject: [Enigmail] Cannot add enigmail to thunderbird on Fedora 9 x86 64 In-Reply-To: References: Message-ID: Remi Collet wrote: > Ram Chadalavada a ?crit : >> I see the following message: >> ...could not be installed because it is not compatible with your >> Thunderbird build type (Linux_x86_64-gcc3). Please contact the author of >> this item... >> >> I am assuming this is the right forum to ask this question. If not, I >> would appreciate if someone could provide directions to the right one? > > You can check my little repo : > http://blog.famillecollet.com/post/2008/08/13/thunderbird-enigmail-0957 > > You'll find RPM of the lastest thunderbird-enigmail for Fedora >= 4 and > for all arch available (i386, x86_64, ppc and ppc64). > > It doesn't seems possible to have it in the official repository. > > Remi. > >> Thanks, >> Ram >> _______________________________________________ >> Enigmail mailing list >> Enigmail at mozdev.org >> https://www.mozdev.org/mailman/listinfo/enigmail >> > > Remi, Keep up the excellent work in maintaining the repository and for the prompt response. I am curious what you mean by 'doesn't seem possible' to have it in the official repository. Cheers, Ram