(let me know if there is a more appropriate support forum for this issue)
Trying out Thunderbird Portable (126.96.36.199) to see if easy-to-use secure email is finally here. Well, not quite.
I downloaded the Thunderbird+Enigmail+GPG version and went through the rather cumbersome process of getting a Thawte account and a certificate.
Signing works only for ASCII messages, which will be a major problem in many languages. If I add just a single non-ASCII character (like 'å'), then Thunderbird on the receiving side reports that the message has been altered after sending (but the copy stored in the local Sent folder checks out OK).
Did anyone else experience this? I'd be most grateful if someone could try sending a test message with an 'å' in it to yourself in a signed message, and post the results here to confirm the problem.
I tried this with two very different accounts, so I would think this is a Thunderbird issue rather than a problem with the receiving accounts. Regardless of whether it is Thunderbird or some server in between that is recoding international characters, I think the signing and verification procedures should work on "normalized" encodings, completely avoiding the problem.
Further gripes not directly related to this problem follow, they can safely be skipped.
- The process of getting a certificate from Thawte to Firefox and then Thunderbird is rather involved. I think this must improve a lot if mainstream users are to start using secure email (and they should).
- A certificate with the real name in it would be required for main-stream use (the reasons why the name is not there for not-yet-trusted users are well-explained).
- I think that Thawte Web-of-Trust is merely asking for trouble, as it seems nothing prevents just about anyone from becoming notaries, and then authorizing any number of bogus certificates. I will stick with the email-address-only certificate, until I get a full email-only certificate from my bank or government.