I suggest you ...

PGP Support

Please offer support for PGP to communicate with non Tutanota users.

1,061 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Nico shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
    AdminTutanota Support (Admin, Tutanota) responded  · 

    Thank you all for your feedback. Please let us explain in more detail why we don’t plan to add pgp-support at the moment:

    Current encryption standards like pgp and S/MIME have several issue that we plan to address with Tutanota. These standards do not support forward secrecy and are not resistant to attacks from quantum computers.

    In addition, it is important to us that the subject line in emails is also encrypted. That’s why we have developed a solution that is also based on recognized algorithms (RSA and AES) and that automatically encrypts the subject, the content and the attachments. In the future, we plan to upgrade these algorithms to quantum-resistant ones that also support forward secrecy.

    We also see the importance that Tutanota needs to be interoperable with other encryption solutions. We will develop an API so that Tutanota users can communicate with users of other secure services confidentially in the future.

    53 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Emile Pesik commented  ·   ·  Flag as inappropriate

        Well, ProtonMail already has my money, but sadly they don't multiple accounts in the same client. This brought me to Tutanota as I need separate email accounts on separate domains (which they don't support either!).

        ProtonMail offer full PGP support, and the ability to exchange encrypted messages with users on other services is essential.

        All a proprietary solution achieves is another walled garden, something we need fewer of, not more! Messenger only works between Facebook users, Facetime only works between Apple users, Hangouts (or whatever they change to _this_ time) only works between Google users, but encrypted emails work both between ProtonMail users and users on other services that emply OpenPGP.

        This, together with the lack of support for multiple accounts, means I will now have to reconsider signing up for a paid Tutanota account :-(

      • Grompa commented  ·   ·  Flag as inappropriate

        At the moment I am waiting for:

        a) tutanota supporting PGP
        or
        b) protonmail lowering its price to <30€ per year

        The first one who achieve this, will get my money. But at the moment I will stay with an traditional email provider and simply use PGP.

      • Petros commented  ·   ·  Flag as inappropriate

        All nice and well, but I would take PGP over unencrypted emails. Your Swiss competitors seem to have understood the need and have implemented the change already.

      • Anon Im commented  ·   ·  Flag as inappropriate

        That's all nice and well - but there are thousands of PGP users out there who simply don't care. We need a way to communicate with them and decrypt their emails, so why not just fucking add this - since we're paying you, and stop trying to push your own agenda? Nothing is stopping you from continuing Tutanota as you see fit - we just ask for PGP SUPPORT not PGP-by-default.

      • Markus commented  ·   ·  Flag as inappropriate

        Dear Ladies and Gentlemen

        Would you please implement PGP?

        Sincerely

        Markus

      • Anonymous commented  ·   ·  Flag as inappropriate

        We understand, however we'd like to be able to use PGP with people that use other e-mail providers who we can't have a secure way to exchange a symmetric key with.

        I absolutely love what Tutanota is doing about the e-mail crypto problem, and I understand that PGP has its own flaws and isn't perfect, but it's the de facto PGP standard of today.

        When everyone's ready for a better system, that's gonna be awesome. But would be awesome to have built in PGP support (specially PGP/MIME) in the meantime.

      • JH commented  ·   ·  Flag as inappropriate

        I am a premium user of tutanota since 2016. I understand all the arguments from tutanota but currently I am just using tutanota for a secure and encrypted mailbox in the cloud. None of my contacts so far have a secure mailbox and would not be happy to start reading my e-mails using a password on tutanota.com. As a results I am not able to use any of the encryption options. By default I am sending e-mails unencrypted. I do not like the fact that the only option left is unencrypted e-mails. I recently came across https://encrypt.to which is using pgp and which in my eyes is one little step further in bringing encryption and secure e-mail to the mass. However there is still a long way to go. Any initiative to be more open and support interoperability will help.

      • Tutanota Contributor commented  ·   ·  Flag as inappropriate

        +Note:
        I had to find other solutions for PGP communication... There was a service for 12EUR/month, and there was an other one for free. Now I have sever different e-mail providers, but I pay none of that, because there is simply no single one which has all the important features.

        This is just a hint, I know, you work hard, but when these features need years to develop, people get bored of waiting, and switch.

        I understand, that PGP is not perfect, but maybe it would be easier to integrate an already existing tool, than build your own for years, and lose customers with that.
        It would be great, if Tutanota worked in Thunderbird with PGP.

      • Anonymous commented  ·   ·  Flag as inappropriate

        >@Tin Man: We will make Tutanota interoperable! But not based on classic PGP...

        so basicly you will invent yet another "standard" to write to people outside of tutanota? Sure PGP is not perfect but its the biggest and most used standard yet.

        This won't solve the "island"/walled garden problem.

      • Tutanota Contributor commented  ·   ·  Flag as inappropriate

        "There are several "islands" Tutanota, Hushmail, Protonmail, Silent Circle, various PGP and S/MIME, Startmail, etc. (Telegram, TextSecure (WhatsApp), Wickr,...) but few of them can communicate with each other. If you can connect them together the sum is much greater than the parts. I have correspondents in the various islands, but no secure mail gets sent because they are often in different ones."

        This is very true, many times you have no chance to exchange passwords in a 2nd secure channel, nor timed destruction for mail exists here (unlike in protonmail), so youre forced to send mails to privacy invading providers. Since Tutanota only operates in English, many people who speak other languages, can not even switch.

      • TA commented  ·   ·  Flag as inappropriate

        ...and yes, despite it's weaknesses, properly used pgp is still the largest secure mail system out there. If I know the proper key for a contact, I would like to be able to add it in my contacts and - after being warned about the potential problems - send pgp encrypted mail.

        At least enable receiving and verifying pgp emails - done properly with rotating sub-keys etc. What's the logic behind forcing experienced secure mail users to go plaintext because I'm using a secure email service.

      • TA commented  ·   ·  Flag as inappropriate

        RSA? How is that resistant to attacks from future quantum computers? Please reconsider this and add switch to proper post-quantum crypto. Maybe djb's nacl for everything else.

      ← Previous 1 3

      Feedback and Knowledge Base