On 25.09.2008 20:12, Bryan W Clark wrote:
> TB3 can upgrade to a secure connection as soon as the server supports
> it and then should continue to use that secure connection as it's
> default. ... There are some user interaction issues that need to be
> worked out for the upgrade, how to notify the users (if at all) of the
> upgrade can be discussed later.
You think so? As far as I know, we're past string freeze (but can get an
exception) and nearing feature freeze for TB3, so we need to implement
this ASAP.
> For (2) the new account configuration page
Yeah, that's clear.
There's a third spot, though: The Account Manager. The user can manually
change the settings. What do we do there?
Please see my post <[EMAIL PROTECTED]> (next
higher up post by me).
Another option would be to just drop ("Use secure connection:") "Never" and
rename "TLS, if available" to "No security". I think that's what you
implicitly suggestioned. That would remove the confusion of having both
"Never" and "No security", but would also remove the option of manually
disabling STARTTLS, e.g. in case a server or proxy misbehaves. I don't
know how common that is, and I have not seen a case yet, so personally,
I'm fine with removing that from the UI (it would still be available as
backend pref via config editor / prefs.js).
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
