Ulrich Boche wrote:
Token security is no security. Therefore I support the standpoint of the
Mozilla development team.
And ... Unused security is no security.
Security then exists somewhere between the extremes
of convenience and heavy duty.
Stretching an analogy here: Discussions over the last
6 months led to a Mozilla policy that the the browser
should be delivered set up for the user that does not
fiddle with the settings. That is, security should
be the best for that user, and experienced users can
be left to adjust any weaknesses.
That was for the browser, and its root list. If the
team were to apply that logic to Thunderbird, the
situation is reversed: Thunderbird is delivered with
no security for the default user. They have to undergo
the same configuration nightmare that experienced users
do in order to use the crypto features.
So the question is: is the policy one of general
application, and should it apply to Thunderbird?
Restated:
Should Mozilla's mission be to protect the default-
settings user?
And, how would one configure Thunderbird to protect
the basic user?
iang
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
