[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #6740 [TorBirdy]: provide opt-out from security.ssl.require_safe_negotiation=true ?

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #6740 [TorBirdy]: provide opt-out from security.ssl.require_safe_negotiation=true ?
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Fri, 31 Aug 2012 22:35:33 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 31 Aug 2012 18:35:43 -0400
In-reply-to: <046.148534609d109d89e3f41ab5fbbd55ba@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <046.148534609d109d89e3f41ab5fbbd55ba@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#6740: provide opt-out from security.ssl.require_safe_negotiation=true ?
-------------------------+--------------------------------------------------
 Reporter:  tagnaq       |          Owner:  ioerror
     Type:  enhancement  |         Status:  new    
 Priority:  normal       |      Milestone:         
Component:  TorBirdy     |        Version:         
 Keywords:               |         Parent:         
   Points:               |   Actualpoints:         
-------------------------+--------------------------------------------------

Comment(by sukhbir):

 We couldn't test Yahoo with TorBirdy because their free service doesn't
 allow POP/IMAP access. I am guessing, had this been an issue with other
 free mailers, we would have probably heard from someone else by now.

 As far as the AMO review is concerned, even if we allow the user to toggle
 this single preference, this would just be one of the many security and
 network related preferences the AMO wants us to have an opt-out for, so
 let's not worry about that yet ;)

 So the question is, given that this is an important security setting,
 should we have a special case for free mailer services such as Yahoo
 __or__ should we force the user to upgrade to a more secure service?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6740#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #6740 [TorBirdy]: provide opt-out from security.ssl.require_safe_negotiation=true ?
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #1517 [TorBrowserButton]: Provide JS with reduced time precision
Next by Author: Re: [tor-bugs] #6732 [Tor Client]: tor man page lists $datadir/cached-status/ but no consensus or microdesc-consensus
Previous by thread: [tor-bugs] #6740 [TorBirdy]: provide opt-out from security.ssl.require_safe_negotiation=true ?
Next by thread: [tor-bugs] #6741 [Vidalia]: Vidalia not-responding after minute of working
Index(es):
- Author
- Thread