ISPDB configs without STARTTLS and/or SSL
asutherland at asutherland.org
Sat Jan 19 15:49:47 UTC 2013
On 01/19/2013 10:10 AM, Ben Bucksch wrote:
> However, without supporting plain (non-SSL) connections, you are going
> to miss a huge amount of configs. Ditto with POP3.
I think there remains a strong case for user privacy that we should not
facilitate the use of unencrypted e-mail connections at all. A similar,
if less strong, case can be made for requiring valid SSL certificates.
There are free alternatives like gmail that are known to be, at the very
least, competent. And there are free SSL certificates available from
StartCom and maybe others.
> Dropping the user into manual config is highly unfair, because that
> sends the user searching for something that we *know* doesn't exist.
> The point of autoconfig was to save time for the user, not waste it.
All solutions right now are stop-gap, unfortunately. I am entirely
on-board that if we can know with near-certainty that we don't support
something and believe that the information is still correct, that we
should say it.
If we could treat the lack of a supported configuration from the ISPDB
as 100% evidence, we could do the friendlier thing there. But as you
noted, the ISPDB assumes an e-mail client that supports STARTTLS (so may
not include SSL-only items) and that the client does not support
ActiveSync. So it's hard for us to have an error message that indicates
with absolute certainty that we don't support the account at all until
we fix up these various deficiencies.
> Compiling this list took some time, so please draw some constructive
> conclusions from it.
The list is greatly appreciated! Thank you! I have linked to it and
included the startTLS excerpts on the mozTCPSocket startTLS bug at
https://bugzilla.mozilla.org/show_bug.cgi?id=784816. I expect to also
use it as a basis if we need to revisit whether or not to allocate
resources to supporting POP3. I personally am of the mind that people
should switch e-mail providers in that case as well, but that's not the
decision-making process :)
More information about the tb-planning