Re: TLS, if available in Thunderbird

2008-09-18 Thread Nelson Bolyard
Ben Bucksch wrote, On 2008-09-17 13:55: Thunderbird currently has the SSL options: Never (plain), TLS, if available, TLS (always), and SSL (always), for incoming IMAP/POP3 and outgoing SMTP servers (with slightly different UI wording). TLS is basically SSL version 3. Damn! Those old wrong

Re: TLS, if available in Thunderbird

2008-09-18 Thread Johnathan Nightingale
On 17-Sep-08, at 4:55 PM, Ben Bucksch wrote: I don't think the TLS, if available is important anymore, and is dangerous. Therefore, I propose to remove it from the UI in the Account Manager as well. It could stay as backend pref for edge cases and existing users - the Account Manager UI

Re: TLS, if available in Thunderbird

2008-09-18 Thread Jean-Marc Desperrier
Johnathan Nightingale wrote: [...] - We should turn it ON by default on non-secure connections, because even though we know full well that the connection is subject to subversion, we have a nearly-free way to marginally reduce the attack surface in the background. - And yes, there should be