Re: Thunderbird and end-to-end email encryption – should this be a priority?
Joshua Cranmer 🐧
pidgeot18 at gmail.com
Wed Aug 26 14:40:46 UTC 2015
On 8/26/2015 5:42 AM, Bron Gondwana wrote:
> Meanwhile, low hanging fruit... does Thunderbird ever send passwords
> in plaintext over the wire without you doing an arcane dance in
> about:config somewhere?
We give you big red security boxes if you try to config an account in
this way, although later modification of account settings don't trigger
> Will it connect to servers with self-signed certificates without you
> doing a similar dance?
Self-signed certificates are exactly as secure from a privacy
perspective as no security at all, in the face of active attackers.
> Are you still embedding a giant complex browser engine from an
> organisation which doesn't give a shit about making sure they aren't
> breaking your tree or removing things that you depend on, and isn't
> making security fixes for your branches a priority?
*THAT* is not low-hanging fruit.
Thunderbird and DXR developer
Source code archæologist
More information about the tb-planning