Enigmail & format=flowed

I decided it was time to restore my ability to sign/encrypt e-mail.


Enigmail defaults to inline PGP signatures (to mollify Outlook Express). In order to prevent sending inline signatures with format=flowed, Enigmail does overkill. It changes the Thunderbird default preference mailnews.send_plaintext_flowed from true to false. This makes all messages you send with Thunderbird fail to line-wrap for my recipients. I find it rude to knowingly send harder-to-use messages to my recipients (some of whom are mailing lists read by hundreds or thousands of people). So I set that preference back to true (Preferences => Advanced => General => Config Editor), and made sure to use PGP/MIME (Account Settings => OpenPGP Security => Use PGP/MIME by default). I can afford to use PGP/MIME since none of the people I'm sending signed messages to use Outlook Express. It's not perfect, but it's strictly better than no ability to sign/encrypt email at all, and it suffices for my present needs. (This possibility also allows my Thunderbird-using relatives who have the same politeness concern, but are not cypherpunks, to use Enigmail.)

Update (Sept 2013): Upgrading Thunderbird (or maybe Enigmail) silently set mailnews.send_plaintext_flowed back to false. I had to manually set it back to true again. Unhappiness.

Hint: When using Enigmail, remember to ignore the "Security" tab in account settings in favor of the "OpenPGP Security" tab.

Note: A non-web-based client (such as Thunderbird) is essential to get the full security benefits of PGP email.

Please correct me if I missed something. Wrong information about cryptography is terrible.

My key ID: 0x17062391

Fingerprint: AC5B DA24 40BD BF34 C4C7 DCF3 9ADC 2732 1706 2391

Corresponding e-mail address: I'm not listing it here, but you can search my for name or domain on a keyserver such as http://pgp.mit.edu/.1

  1. I'm curious to see how long it will take spammers to harvest this e-mail address from the keyservers, so I made an address specially for usage with OpenPGP. It is somewhat irritating that the OpenPGP milieu trades away anonymity and privacy just to get authenticity and secrecy. OTR for example makes trade-offs that are more suitable for communicating with friends, but it's specific to IM and is slightly hacky and fragile. PGP can be used without keyservers, but that can be a nuisance and still involves certain tradeoffs.