296598 - Allow for advanced challenge/response authentication (optical flickering)

Status: UNCONFIRMED

(Thunderbird :: Security, enhancement)

Description

[Ralf Hauser]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4

Once that Bug 249240 is fixed, it will be possible to use this for challenge
response protocols (provided the server error message is displayed).

Modern devices, however, do not require the user to copy the challenge by typing
off the challenge from the screen. It should be possible to use more advanced
forms such as flickering as per http://axsionics.com/s_optical_interface.html

Reproducible: Always



Expected Results:  
An easy way would be to interpret for example the first four letters of the POP
server error string sent back and start a challenge-display-plugin (better even
a default shipped flickering viewer)

Comment 1

[Ralf Hauser]

see also Bug 268835

Comment 2

[Gervase Markham [:gerv]]

This is an automated message, with ID "auto-resolve01".

This bug has had no comments for a long time. Statistically, we have found that
bug reports that have not been confirmed by a second user after three months are
highly unlikely to be the source of a fix to the code.

While your input is very important to us, our resources are limited and so we
are asking for your help in focussing our efforts. If you can still reproduce
this problem in the latest version of the product (see below for how to obtain a
copy) or, for feature requests, if it's not present in the latest version and
you still believe we should implement it, please visit the URL of this bug
(given at the top of this mail) and add a comment to that effect, giving more
reproduction information if you have it.

If it is not a problem any longer, you need take no action. If this bug is not
changed in any way in the next two weeks, it will be automatically resolved.
Thank you for your help in this matter.

The latest beta releases can be obtained from:
Firefox:     http://www.mozilla.org/projects/firefox/
Thunderbird: http://www.mozilla.org/products/thunderbird/releases/1.5beta1.html
Seamonkey:   http://www.mozilla.org/projects/seamonkey/

Comment 3

[Gervase Markham [:gerv]]

This bug has been automatically resolved after a period of inactivity (see above
comment). If anyone thinks this is incorrect, they should feel free to reopen it.

Comment 4

[Ralf Hauser]

enabling to use thunderbird with two-factor auth and alike is still a desire

Comment 5

[Steve Simms]

This seems to me to be far enough outside the realm of normal E-Mail use that it'll be a wontfix.

But, more immediately, the URL describing what you'd like to see implemented doesn't work any more.  Could you update that, please?  Also, if you could give us an example or two of an E-Mail server that implements what you're suggesting, I think that will help.

Comment 6

[Joshua Cranmer [:jcranmer]]

This report is too underspecified for me to make a judgment. The key piece seems to be defined in a URI that no longer works, and I'm not sure if this is supposed to be some form of SASL-based authentication or not.

In lieu of more information, RESO INCO.

Comment 7

[Ralf Hauser]

A newer URL is http://www.axsionics.ch/tce/frame/main/422.htm - we are working on that on our smtp/imap server.
And we would appreciate how MUA creators plan to handle 3-factor authentication.

Comment 8

[Joshua Cranmer [:jcranmer]]

This sounds like something that would be handled (in the protocol) via some form of SASL-based authentication. If that is true, then this is really a dupe of bug 400212. If not (via an entirely new IMAP command), then this is probably WONTFIX. Thoughts, bienvenu?

Comment 9

[David :Bienvenu]

No, bug 400212 is more about lessening the duplication of code in various protocols' sasl implementations. Either way, we'd need to write code in IMAP to handle this, I would think.