[tor-bugs] #6740 [TorBirdy]: provide opt-out from security.ssl.require_safe_negotiation=true ?
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Fri Aug 31 22:35:33 UTC 2012
#6740: provide opt-out from security.ssl.require_safe_negotiation=true ?
-------------------------+--------------------------------------------------
Reporter: tagnaq | Owner: ioerror
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: TorBirdy | Version:
Keywords: | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
Comment(by sukhbir):
We couldn't test Yahoo with TorBirdy because their free service doesn't
allow POP/IMAP access. I am guessing, had this been an issue with other
free mailers, we would have probably heard from someone else by now.
As far as the AMO review is concerned, even if we allow the user to toggle
this single preference, this would just be one of the many security and
network related preferences the AMO wants us to have an opt-out for, so
let's not worry about that yet ;)
So the question is, given that this is an important security setting,
should we have a special case for free mailer services such as Yahoo
__or__ should we force the user to upgrade to a more secure service?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6740#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list