[Enigmail] pep-json-server

Hi there,

I just noticed that whenever I open Thunderbird (60.7.0) having
Enigmail enabled (2.0.12) a new process is spawned by a binary from
inside the profile directory (pep-json-server).

It seems to be some kind of HTTP API server, but I wasn't able to find out more.

Do you also have the same process listening?

What is it, and why do Enigmail need it

I don't mind if Enigmail needs a server listening on localhost, but it
seems that exiting Thunderbird does not kill the pep-json-server
process, which is tedious.

Is this desired behaviour?

Thanks in advance
Cheers

If you use Enigmail in the "pEp Junior Mode", then the pep-json-server
is started. The pep-json-server is the pEp Engine that provides the JSON
API (over localhost http), which delivers all functionalities of pEp
(such as encryption, decryption, security level, trustwords, ...).

The pep-json-server is intended to be a daemon and does not need to be
stopped just because Thunderbird quits. Enigmail will reconnect to a
running pep-json-server if you restart Thunderbird, and other
applications using the same API could also connect to the same
pep-json-server. Thus, yes it's desired to work like this.

Hi,

the above is a conversation I started on the Enigmail mailing list
(https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net).
Enigmail is a popular Mozilla Thunderbird extension that adds encryption
capabilities to it. I just forwarded this message to the LUGBZ list
because I am interested in your thoughts.

In my opinion, daemons shold be managed by the user's init scripts, and
shouldn't be started by a single program. Having everything centralized
allows me to easily keep track of things, like failures, logs, etc.

Furthermore, I think a "plugin for a mail client" that starts a network
daemon is going far beyond what I consider reasonable for a piece of
software catalogued as such. Are you aware of any other software that
autonomously starts a dependency in the same way?

Finally, from what I can read here
https://pep.foundation/blog/enigmail-2-with-pretty-easy-privacy-pep-support-by-default-for-new-users/,
the development team plans to implement "KeySync" - which I never heard,
to allows users to:

easily transfer your secret key material across different devices for

a specific email account running on any other device you use with that
address (e.g., for an email address used in parallel in Android, iOS,
Outlook or any other instance of Thunderbird).

Hmmmm,... I don't know if I like it. Give that the developers of
Enigmail did not give me the possibility to configure in any way their
pep-json-server (for example binding on another port) I suspect they
won't either allow me to disable this feature, if I wish.

I still have to "digest" all of this... I also need additional research
to understand some things. Crypto stuff isn't so easy after all.

Cheers
Giulio