Bug #15788: Rethink our patches with Thunderbird 60

Bug #15788

Rethink our patches with Thunderbird 60

Added by CyrilBrulebois 2018-08-14 19:53:14 . Updated 2018-10-22 14:10:39 .

Status:

Resolved

Priority:

Normal

Assignee:

Category:

Target version:

Tails_3.11

Start date:

2018-08-14

Due date:

% Done:

100%

Feature Branch:

Type of work:

Research

Blueprint:

Starter:

Affected tool:

Email Client

Deliverable for:

Description

TB 60 comes with improvements related to protocols vs. security.

See screenshots when trying to validate a configuration with a cleartext SMTP server as discovered by the config wizard.

It seems it might be time to re-evaluate the Tails-specific patches.

Files

autoconf1.png (66953 B)	CyrilBrulebois, 2018-08-14 19:50:50
autoconf2.png (71056 B)	CyrilBrulebois, 2018-08-14 19:50:51

Subtasks

Related issues

Related to Tails - ~~Bug #15387~~: The Mozilla auto_config database requires an unusable CAPTCHA for Torified requests	Rejected	2018-03-07
Related to Tails - Bug #12203: Thunderbird account setup wizard fails with "Programming bug. Assertion failed, see log." when using Manual config	Confirmed	2017-01-31

History

#1 Updated by intrigeri 2018-08-15 06:43:42

Status changed from New to Confirmed
Target version changed from Tails_3.9 to Tails_3.11
Affected tool set to Email Client

#2 Updated by intrigeri 2018-08-15 06:43:57

Parent task set to Feature #6156

#3 Updated by intrigeri 2018-08-15 06:46:07

Next steps:

test this with a pristine Thunderbird (without our Feature #6156 patches)
confirm the warning appears there as well
assess the marginal benefit of our patches compared to what pristine Thunderbird already does

#4 Updated by Anonymous 2018-08-16 11:26:31

related to ~~Bug #15387~~: The Mozilla auto_config database requires an unusable CAPTCHA for Torified requests added

#5 Updated by Anonymous 2018-08-17 09:57:32

related to Bug #12203: Thunderbird account setup wizard fails with "Programming bug. Assertion failed, see log." when using Manual config added

#6 Updated by intrigeri 2018-09-14 11:26:36

Assignee changed from intrigeri to lamby
Target version changed from Tails_3.11 to 2019

(As part of Feature #6156.)

#7 Updated by lamby 2018-09-14 13:50:19

Assignee changed from lamby to intrigeri

Similar to ~~Bug #15790~~, did we discuss this? I don’t recall doing so, thus just wondering if it’s a mistake to assign it over to me specifically? And, again, if it’s “to be discussed” feel free to assign back - I note the “2019” target.

#8 Updated by intrigeri 2018-09-14 14:05:14

Assignee changed from intrigeri to lamby

(Yes, to be discussed, like the parent ticket :)

#9 Updated by anonym 2018-10-22 14:10:39

Status changed from Confirmed to Resolved
Assignee deleted (~~lamby~~)
Target version changed from 2019 to Tails_3.11
% Done changed from 0 to 100
QA Check set to Pass

CyrilBrulebois wrote:
> It seems it might be time to re-evaluate the Tails-specific patches.

Me and Ulrike already did: given the warning page we removed the “Secure protocols only” checkbox (but preserved it as a hidden pref for Tails and/or Torbirdy, although whether we want to is a pending discussion).

Note that Thunderbird only has solved one half of the protocol security problems: it warns when insecure protocols end up in the final configuration the user picks. But it will still do a insecure HTTP fetch from the mail provider before anything else that could be MitM:ed and present the user a SSL-enabled configuration (so no warninig) that points to evil.org instead of what the user wants. Our patches still fixes that, and many other things (proxy support for guessing, Tor-friendly (= higher) timeouts, disable OAth2, …).

Any way, I think this ticket is resolved. Please reopen if you think I’m mistaken!