Paranoia - A Thunderbird addon for surfacing Received: encryption info

Discussion in 'other software & services' started by TheWindBringeth, Jul 19, 2014.

Thread Status:
Not open for further replies.
  1. TheWindBringeth

    TheWindBringeth Registered Member

    Feb 29, 2012
    I recently learned of this:

    It parses email headers, looking for Received: line info that reflects encryption, and displays a graduated happy/sad face based on how many exchanges appear to have been encrypted. The face can be clicked on for summary info. I think there are some issues...

    - Systems which use encryption but don't insert the header information
    - Detection logic appears to need improvement
    - Reporting could be improved to surface more info where available (ciphersuite, verify, ...)
    - Received lines are inserted by receiving systems and thus encryption information for sent messages can't be bubbled up to the user via this approach (remember that).
    - Server certificates often aren't verified and self-signed certificates are pretty common, so you have to factor that in.
    - Emails can be compromised via the server(s) rather than the connection between servers too.

    I do like the idea of email clients surfacing more info though! Such projects would seem to have potential.
  2. tlu

    tlu Guest

    Nice find - thanks!
Thread Status:
Not open for further replies.