420262 - Possibility to use the STARTTLS command when available with NNTP.

Status: RESOLVED WONTFIX

(MailNews Core :: Networking: NNTP, enhancement)

Description

[Julien ÉLIE]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.0; fr; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12
Build Identifier: version 2.0.0.12

Contrary to the POP/IMAP/SMTP implementation in Thunderbird, it is impossible to ask for a TLS connection with NNTP (that is to say using STARTTLS when available).  Only *complete* SSL connections are currently possible.

Reproducible: Always

Comment 1

[Tony Mechelynck [:tonymec]]

I wonder whether this bug wouldn't be more appropriate for "Core -> MailNews: Security" or "Core -> Networking: News" components (availability of a TLS backend for news). Or else, should a separate bug be filed in "Mozilla Application Suite -> Accounts Manager" to track the same UI in SeaMonkey? Or maybe all three? (here for the Tb account settings frontend, Core for the Tb+Sm backend, Suite for the Sm account settings frontend)?

Comment 2

[Joshua Cranmer [:jcranmer]]

Banal triage stuff.

Comment 3

[Hartmut Welpmann [:welpy-cw]]

Since the newer RFC clearly recommends not to use STARTTLS, see RFC 8143 Section 2, I suggest to WONTFIX this.

Comment 4

[Julien ÉLIE]

Yes, thanks for pointing this out. I had totally forgotten this bug report I opened 17 years ago, in 2008. And yes, also as the author of RFC 8143, I agree explicit TLS with STARTTLS is no longer a feature to implement.

Comment 5

[Magnus Melin [:mkmelin]]

Well, it's a recommendation to prefer implicit TLS, but seems mostly due to concerns opportunistic STARTTLS (which we don't do elsewhere either since long). Non-opportunistic STARTTLS is basically as safe as implicit TLS.