Skip to content

Document Autocrypt

We are not very happy about Autocrypt. As we have a different audience in mind, than the creator of Autocrypt. We should communicate this to users. Maybe we can use the personas for whom Autocrypt is a great thing, and for whom not.

Arguments:

  • it sometimes leads to send unencrypted mails (if you are not very watchfull)
  • it can be broken by MitM attacks (not working for thunderbird atm, as it does not use any new key advertized by Autocrypt)
  • but very easy to use (no need to send keys, keep them updated etc.( in theory see point above) )
  • better than send unencrypted messages
  • implement a proper secure way to exchange private key between your devices, can be used without using the rest of Autocrypt

Related issues

Original created by @Hefee on 16223 (Redmine)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information