Thunderbird Will Start Using OpenPGP Encryption in 2020

The developers of Thunderbird, one of the most-used free email clients in the world, plan to implement OpenPGP support in 2020.

Thunderbird used to be made by Mozilla, but the company dropped it a few years ago, and the community took over the project. The email client is still using some of Firefox’s infrastructure.

Since Thunderbird is an open-source and cross-platform email client, it would make sense to bundle GnuPG software, but the differences in licenses make that impossible (MPL version 2.0 vs. GPL version 3+).  The devs have to look for another solution, and the only to make it work is to add OpenPGP.

Thunderbird users until now only had the option to adopt an add-on called Enigmail, which provides data encryption for both the email client and SeaMonkey. When Thunderbird migrates to a newer code, though, the Enigmail add-on will stop working.

“We intend to identify and use another existing library that provides support for creating and processing OpenPGP messages, and we will try to reuse parts of Enigmail that aren’t specific to GnuPG. However, we’ll need to rethink several aspects, from user interface to trust models, to key management and key exchange,” explained the developers.

The 2020 timeframe gives the Thunderbird team ample time to come up with a working solution that covers the existing Enigmail, for which there are more than plenty. Enigmail developer Patrick Brunschwig is also helping the Thunderbird development team make the switch.

Mozilla Thunderbird 78 is expected to arrive in the summer of 2020, and the existing 68.x branch will be actively maintained until autumn 2020.

*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Silviu STAHIE. Read the original post at: