Bug #15788

Rethink our patches with Thunderbird 60

Added by CyrilBrulebois 2018-08-14 19:53:14 . Updated 2018-10-22 14:10:39 .

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Target version:
Start date:
2018-08-14
Due date:
% Done:

100%

Feature Branch:
Type of work:
Research
Blueprint:

Starter:
Affected tool:
Email Client
Deliverable for:

Description

TB 60 comes with improvements related to protocols vs. security.

See screenshots when trying to validate a configuration with a cleartext SMTP server as discovered by the config wizard.

It seems it might be time to re-evaluate the Tails-specific patches.


Files

autoconf1.png (66953 B) CyrilBrulebois, 2018-08-14 19:50:50
autoconf2.png (71056 B) CyrilBrulebois, 2018-08-14 19:50:51

Subtasks


Related issues

Related to Tails - Bug #15387: The Mozilla auto_config database requires an unusable CAPTCHA for Torified requests Rejected 2018-03-07
Related to Tails - Bug #12203: Thunderbird account setup wizard fails with "Programming bug. Assertion failed, see log." when using Manual config Confirmed 2017-01-31

History

#1 Updated by intrigeri 2018-08-15 06:43:42

  • Status changed from New to Confirmed
  • Target version changed from Tails_3.9 to Tails_3.11
  • Affected tool set to Email Client

#2 Updated by intrigeri 2018-08-15 06:43:57

#3 Updated by intrigeri 2018-08-15 06:46:07

Next steps:

  1. test this with a pristine Thunderbird (without our Feature #6156 patches)
  2. confirm the warning appears there as well
  3. assess the marginal benefit of our patches compared to what pristine Thunderbird already does

#4 Updated by Anonymous 2018-08-16 11:26:31

  • related to Bug #15387: The Mozilla auto_config database requires an unusable CAPTCHA for Torified requests added

#5 Updated by Anonymous 2018-08-17 09:57:32

  • related to Bug #12203: Thunderbird account setup wizard fails with "Programming bug. Assertion failed, see log." when using Manual config added

#6 Updated by intrigeri 2018-09-14 11:26:36

  • Assignee changed from intrigeri to lamby
  • Target version changed from Tails_3.11 to 2019

(As part of Feature #6156.)

#7 Updated by lamby 2018-09-14 13:50:19

  • Assignee changed from lamby to intrigeri

Similar to Bug #15790, did we discuss this? I don’t recall doing so, thus just wondering if it’s a mistake to assign it over to me specifically? And, again, if it’s “to be discussed” feel free to assign back - I note the “2019” target.

#8 Updated by intrigeri 2018-09-14 14:05:14

  • Assignee changed from intrigeri to lamby

(Yes, to be discussed, like the parent ticket :)

#9 Updated by anonym 2018-10-22 14:10:39

  • Status changed from Confirmed to Resolved
  • Assignee deleted (lamby)
  • Target version changed from 2019 to Tails_3.11
  • % Done changed from 0 to 100
  • QA Check set to Pass

CyrilBrulebois wrote:
> It seems it might be time to re-evaluate the Tails-specific patches.

Me and Ulrike already did: given the warning page we removed the “Secure protocols only” checkbox (but preserved it as a hidden pref for Tails and/or Torbirdy, although whether we want to is a pending discussion).

Note that Thunderbird only has solved one half of the protocol security problems: it warns when insecure protocols end up in the final configuration the user picks. But it will still do a insecure HTTP fetch from the mail provider before anything else that could be MitM:ed and present the user a SSL-enabled configuration (so no warninig) that points to evil.org instead of what the user wants. Our patches still fixes that, and many other things (proxy support for guessing, Tor-friendly (= higher) timeouts, disable OAth2, …).

Any way, I think this ticket is resolved. Please reopen if you think I’m mistaken!