Open
Bug 664636
Opened 13 years ago
Updated 2 years ago
Thunderbird should (semi-)automatically improve the security-related server configuration settings when it knows an improvement could be made
Categories
(Thunderbird :: Security, enhancement)
Thunderbird
Security
Tracking
(Not tracked)
NEW
People
(Reporter: briansmith, Unassigned)
References
Details
(Keywords: privacy)
Today, many users have sub-optimal security settings for their email servers. For example, many users do not use TLS-enabled configurations because they do not understand the advantages of TLS, at the time they first set up their email, their service provider didn't provide TLS, etc.
Also, recently some email providers have started offering IMAPS, POPS, and/or SMTPS over port 443 in addition to the standard IMAPS/POPS/SMTPS. This is a big benefit, because email over port 443 will work through many more firewalls than email over the standard ports will.
So, when we detect a sub-optimal configuration, we should offer to improve it for the user. For example, when we do update checks for Thunderbird, we can pull down updates to the server auto-configuration data, and then see if the current configuration for the user's servers is worse than the recommendations in the auto-configuration data; if so, we can ask the user to improve the security settings. Similarly, we can do this at installation time and/or when importing settings from other applications.
Comment 1•13 years ago
|
||
+1
Yes, this would be great.
(I've been suggesting that, too, back then, but not filed a bug. Thanks!)
Updated•13 years ago
|
Whiteboard: [sr:curtisk]
Updated•13 years ago
|
Whiteboard: [sr:curtisk] → [secr:curtisk]
Updated•13 years ago
|
Whiteboard: [secr:curtisk] → [sec-assigned:curtisk:749337]
Updated•12 years ago
|
Flags: sec-review?(curtisk)
Updated•12 years ago
|
Whiteboard: [sec-assigned:curtisk:749337]
bug has no owner and has not moved in 2 years, closing blocking sec-review bug as incomplete and leaving flag to indicate need to do security work when / if this bug refreshes
Updated•10 years ago
|
Flags: sec-review?(curtisk) → sec-review?
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•