Johnathan Nightingale wrote:
> [...]
> - We should turn it ON by default on non-secure connections, because
> even though we know full well that the connection is subject to
> subversion, we have a nearly-free way to marginally reduce the attack
> surface in the background.
> - And yes, there should be some way to turn it off in case you have an
> ancient or broken server that's confused by STARTTLS requests

I'm happy we can agree on this point, it makes me hope someday you'll 
see the light about why the current handling of SSL errors in Fx3 is far 
from perfect (first by realizing that there's *not* only the proponents 
of self-signed certs in that camp).

The options should read:
[ ] require STARTTLS
[ ] disable STARTTLS

With neither of the two enabled by default.

Getting "require STARTTLS" automatically enabled if the initial 
connection was successfully in STARTTLS mode would be good.

Maybe "require secure mode (STARTTLS)" and "disable secure mode 
(STARTTLS)" would be even better for the average user?
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
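
The option behaviour proposed in the message above, sketched as an added example (not part of the original post and not Mozilla code). The names `AccountPrefs`, `connect` and `simulate` are hypothetical, and falling back to plaintext when nothing is required is an assumption.

```python
from dataclasses import dataclass
from enum import Enum


class Outcome(Enum):
    TLS = "upgraded with STARTTLS"
    PLAINTEXT = "continued in plaintext"
    REFUSED = "refused: STARTTLS required but unavailable"


@dataclass
class AccountPrefs:                  # hypothetical per-account settings
    require_starttls: bool = False   # "[ ] require STARTTLS"
    disable_starttls: bool = False   # "[ ] disable STARTTLS"
    first_connection: bool = True    # no connection attempted yet


def connect(prefs, server_offers_starttls, handshake_ok=True):
    """Decide one connection attempt and update the stored preferences."""
    if prefs.require_starttls and prefs.disable_starttls:
        raise ValueError("require and disable are mutually exclusive")
    initial, prefs.first_connection = prefs.first_connection, False
    if prefs.disable_starttls:
        return Outcome.PLAINTEXT         # escape hatch for broken servers
    if server_offers_starttls and handshake_ok:
        if initial:
            prefs.require_starttls = True    # latch after a secure first contact
        return Outcome.TLS
    if prefs.require_starttls:
        return Outcome.REFUSED           # no silent fallback once required
    return Outcome.PLAINTEXT             # assumption: opportunistic fallback


def simulate(prefs, offers):
    """Run connect() over a constructed sequence of server capability flags."""
    return [connect(prefs, offered) for offered in offers]


if __name__ == "__main__":
    # Constructed scenario: STARTTLS works once, then stops being advertised.
    for outcome in simulate(AccountPrefs(), [True, False]):
        print(outcome.value)
```

With the latch set by a secure first contact, a later connection on which STARTTLS is no longer advertised is refused instead of being silently downgraded.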
