Thunderbird, RNP, and the Importance of a Good API (opens in new tab)

I really wish that the article did not use the old EFAIL thing. Is that really the worst aspect of the GnuPG API? From that one might get the impression that the API must be pretty awesome if everyone keeps bringing up something that is, after all, a legitimate difference of opinion.

> About two years ago, Thunderbird decided to integrate Enigmail into Thunderbird and simultaneously replace GnuPG with RNP. That Thunderbird has selected RNP is not only an endorsement of RNP, but it means that RNP became perhaps the most used OpenPGP implementation for mail encryption.

Firefox is sorta doing this too, baking in the functionality of addons so we don't have to install addons and keep them updated (which is also a security risk since addon authors are usually tempted to change the ownership of the codebase and introduce bad actors). You can run firefox now with their HTTPS-Only mode, aswell as block tracking attempts with 'strict mode'. You can even spoof the useragent with the `resistFingerprinting` flag which is awesome.

I'm pleased to read that Octopus has "gpg integration", but regardless of which OpenPGP implementation Thunderbird uses, I hope that there can be more convergence with the Autocrypt standard.

The differences seem to be mostly philosophical right now[0], so maybe someone will come up with a UX for opportunistic encryption that the Thunderbird team is comfortable with, and/or future versions of Autocrypt will support modes of operation that overlap with Thunderbird's approach.

[0] https://support.mozilla.org/en-US/kb/openpgp-thunderbird-how...