[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #6740 [TorBirdy]: provide opt-out from security.ssl.require_safe_negotiation=true ?



#6740: provide opt-out from security.ssl.require_safe_negotiation=true ?
-------------------------+--------------------------------------------------
 Reporter:  tagnaq       |          Owner:  ioerror
     Type:  enhancement  |         Status:  new    
 Priority:  normal       |      Milestone:         
Component:  TorBirdy     |        Version:         
 Keywords:               |         Parent:         
   Points:               |   Actualpoints:         
-------------------------+--------------------------------------------------

Comment(by sukhbir):

 We couldn't test Yahoo with TorBirdy because their free service doesn't
 allow POP/IMAP access. I am guessing, had this been an issue with other
 free mailers, we would have probably heard from someone else by now.

 As far as the AMO review is concerned, even if we allow the user to toggle
 this single preference, this would just be one of the many security and
 network related preferences the AMO wants us to have an opt-out for, so
 let's not worry about that yet ;)

 So the question is, given that this is an important security setting,
 should we have a special case for free mailer services such as Yahoo
 __or__ should we force the user to upgrade to a more secure service?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6740#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs