Bug #15788
Rethink our patches with Thunderbird 60
100%
Description
TB 60 comes with improvements related to protocols vs. security.
See screenshots when trying to validate a configuration with a cleartext SMTP server as discovered by the config wizard.
It seems it might be time to re-evaluate the Tails-specific patches.
Files
Subtasks
Related issues
Related to Tails - |
Rejected | 2018-03-07 | |
Related to Tails - Bug #12203: Thunderbird account setup wizard fails with "Programming bug. Assertion failed, see log." when using Manual config | Confirmed | 2017-01-31 |
History
#1 Updated by intrigeri 2018-08-15 06:43:42
- Status changed from New to Confirmed
- Target version changed from Tails_3.9 to Tails_3.11
- Affected tool set to Email Client
#2 Updated by intrigeri 2018-08-15 06:43:57
- Parent task set to Feature #6156
#3 Updated by intrigeri 2018-08-15 06:46:07
Next steps:
- test this with a pristine Thunderbird (without our Feature #6156 patches)
- confirm the warning appears there as well
- assess the marginal benefit of our patches compared to what pristine Thunderbird already does
#4 Updated by Anonymous 2018-08-16 11:26:31
- related to
Bug #15387: The Mozilla auto_config database requires an unusable CAPTCHA for Torified requests added
#5 Updated by Anonymous 2018-08-17 09:57:32
- related to Bug #12203: Thunderbird account setup wizard fails with "Programming bug. Assertion failed, see log." when using Manual config added
#6 Updated by intrigeri 2018-09-14 11:26:36
- Assignee changed from intrigeri to lamby
- Target version changed from Tails_3.11 to 2019
(As part of Feature #6156.)
#7 Updated by lamby 2018-09-14 13:50:19
- Assignee changed from lamby to intrigeri
Similar to Bug #15790, did we discuss this? I don’t recall doing so, thus just wondering if it’s a mistake to assign it over to me specifically? And, again, if it’s “to be discussed” feel free to assign back - I note the “2019” target.
#8 Updated by intrigeri 2018-09-14 14:05:14
- Assignee changed from intrigeri to lamby
(Yes, to be discussed, like the parent ticket :)
#9 Updated by anonym 2018-10-22 14:10:39
- Status changed from Confirmed to Resolved
- Assignee deleted (
lamby) - Target version changed from 2019 to Tails_3.11
- % Done changed from 0 to 100
- QA Check set to Pass
CyrilBrulebois wrote:
> It seems it might be time to re-evaluate the Tails-specific patches.
Me and Ulrike already did: given the warning page we removed the “Secure protocols only” checkbox (but preserved it as a hidden pref for Tails and/or Torbirdy, although whether we want to is a pending discussion).
Note that Thunderbird only has solved one half of the protocol security problems: it warns when insecure protocols end up in the final configuration the user picks. But it will still do a insecure HTTP fetch from the mail provider before anything else that could be MitM:ed and present the user a SSL-enabled configuration (so no warninig) that points to evil.org instead of what the user wants. Our patches still fixes that, and many other things (proxy support for guessing, Tor-friendly (= higher) timeouts, disable OAth2, …).
Any way, I think this ticket is resolved. Please reopen if you think I’m mistaken!