On Saturday 20 September 2008, Ben Bucksch wrote:
> The important part is "treat 'TLS, if available' like unsecured in the
> UI", though. We can't say "Automatic" or anything else that suggests
> that people may be secure (because they are not, even if STARTTLS works at a
> given moment, because it may not work in 5 minutes).
>
> How do we do that (in the Account Manager), and still differentiate this
> option to the manually turned off SSL ("Never")?

I believe that kmail's approach works better (?) in this case w.r.t. the end-user. It doesn't alter its behaviour at run-time but it has a 'check what server supports' button. This way, the auto-detection is performed once (during configuration) and the user is immediately notified.

Based on other comments, I don't see how an altering behaviour may be considered secure. Perhaps an upgrade-only behavior (for the automatic option) would be more secure: If it ever detects STARTTLS support then it would just upgrade to TLS and keep it like that.

Also, all these could be replaced by a notification box that is shown whenever the user selects no encryption but TB detects STARTTLS (perhaps with a valid certificate). It can then ask the user for upgrading to TLS and automatically change the configuration setting (STARTTLS). This can also be used in the 'Never' case (with a don't ask me again checkbox), so that the 'Never' and the 'Insecure' options will actually become one.

_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
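The upgrade-only behaviour and the notification prompt proposed in the message above, sketched as an added example; this is not code from the thread or from Thunderbird. The names Security, Account, decide and ask_user, the sample EHLO replies, and the rule that every upgrade requires a valid certificate are assumptions made for the illustration.

```python
from enum import Enum


class Security(Enum):
    NONE = "none"          # user selected no encryption
    AUTO = "auto"          # "TLS, if available", not yet upgraded
    STARTTLS = "starttls"  # TLS required, plaintext fallback refused


class Account:
    def __init__(self, security, dont_ask_again=False):
        self.security = security
        self.dont_ask_again = dont_ask_again


# Constructed EHLO replies; the second is what a client sees when the server
# stops advertising STARTTLS or the keyword is removed in transit.
EHLO_WITH_TLS = "250-mail.example.test\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME"
EHLO_WITHOUT_TLS = "250-mail.example.test\r\n250-SIZE 35882577\r\n250 8BITMIME"


def parse_ehlo(reply):
    """Return the extension keywords of a multi-line SMTP EHLO reply."""
    caps = set()
    for line in reply.splitlines()[1:]:  # first line carries the server name
        words = line[4:].split() if line.startswith("250") else []
        if words:
            caps.add(words[0].upper())
    return caps


def decide(account, ehlo_reply, cert_valid, ask_user=lambda: False):
    """Pick the action for one connection; the stored setting only moves up."""
    offered = "STARTTLS" in parse_ehlo(ehlo_reply)
    if account.security is Security.STARTTLS:
        # Already upgraded: a missing STARTTLS is an error, never a fallback.
        return "use-tls" if offered and cert_valid else "fail"
    if offered and cert_valid:
        if account.security is Security.AUTO:
            account.security = Security.STARTTLS  # upgrade once and keep it
            return "use-tls"
        if not account.dont_ask_again and ask_user():
            account.security = Security.STARTTLS  # user accepted the prompt
            return "use-tls"
    return "plaintext"
```

Until the first successful detection an account on the automatic option still connects in plaintext, which is the exposure the quoted message describes.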
