(let me know if there is a more appropriate support forum for this issue)
Trying out Thunderbird Portable (1.5.0.10) to see if easy-to-use secure email is finally here. Well, not quite.
I downloaded the Thunderbird+Enigmail+GPG version and went through the rather cumbersome process of getting a Thawte account and a certificate.
Signing works only for ASCII messages, which will be a major problem in many languages. If I add just a single non-ASCII character (like 'å'), then Thunderbird on the receiving side reports that the message has been altered after sending (but the copy stored in the local Sent folder checks out OK).
Did anyone else experience this? I'd be most grateful if someone could try sending a test message with an 'å' in it to yourself in a signed message, and post the results here to confirm the problem.
I tried this with two very different accounts, so I would think this is a Thunderbird issue rather than a problem with the receiving accounts. Regardless of whether it is Thunderbird or some server in between that is recoding international characters, I think the signing and verification procedures should work on "normalized" encodings, completely avoiding the problem.
Further gripes not directly related to this problem follow, they can safely be skipped.
- The process of getting a certificate from Thawte to Firefox and then Thunderbird is rather involved. I think this must improve a lot if mainstream users are to start using secure email (and they should).
- A certificate with the real name in it would be required for main-stream use (the reasons why the name is not there for not-yet-trusted users are well-explained).
- I think that Thawte Web-of-Trust is merely asking for trouble, as it seems nothing prevents just about anyone from becoming notaries, and then authorizing any number of bogus certificates. I will stick with the email-address-only certificate, until I get a full email-only certificate from my bank or government.
I tried to duplicate your problem and I couldnt.
I signed and encrypted a message with your "å" and everything worked.
But it was a normal gpg key as I never heard of Thawte before.
"There is a computer disease that anybody who works with computers knows about. It's a very serious disease and it interferes completely with the work. The trouble with computers is that you 'play' with them!" - Richard P. Feynman
"What about Love?" - "Overrated. Biochemically no different than eating large quantities of chocolate." - Al Pacino in The Devils Advocate
If the problem is some recoding of international characters by servers, encrypting the message obviously removes the problem. I would like to have signing turned on by default (with no encryption), in order to promote the use of secure email to users who might have just the right software to notice it. In order to do so, I must become confident that signing and verification works for all combinations of email servers and recipients.
If I understand the documentation correctly a self-signed GPG key will not provide zero-effort verification for the receiver; for that I do need a certificate from a generally recognized Certifcate Authority like Thawte.
Simeone (and others):
Could you please (re)test by sending a signed but NOT encrypted message to yourself, with an 'å' character in it and report back here if it arrives as a correctly signed message or not? I appreciate it!
correctly. I got the correctly signed 'å'.
I think its a Thawte certificate limitation.
And BTW, its Simeon.
"There is a computer disease that anybody who works with computers knows about. It's a very serious disease and it interferes completely with the work. The trouble with computers is that you 'play' with them!" - Richard P. Feynman
"What about Love?" - "Overrated. Biochemically no different than eating large quantities of chocolate." - Al Pacino in The Devils Advocate
Seems like a Thawte certificate limitation.
Vintage!