Fwd: Intent to unship: TLS 1.0 and TLS 1.1

Kai Engert kaie at kuix.de
Tue Sep 17 12:12:45 UTC 2019


On 13.09.19 22:01, Rob Lemley wrote:
> I was able to pull some info from Censys:

Thanks Rob, that's very helpful information.

How about we show a notification bar when reading email from an
IMAP/POP3 server, that doesn't support TLS 1.2?

Maybe once per session per server: "The server you're accessing doesn't
support modern transport security: $hostname"

Same could be done after sending an email, in the main mail window, once
per session per server: "Your email was sent through a gateway that
doesn't support modern transport security: $hostname"

That would raise awareness, and make it easier to disable by default in
a future version.

Thoughts about this idea?

Because that requires UI and strings, I'm not sure if this could be done
in a Thunderbird 68.x point release.

If Thunderbird summer 2020 is the first version that displays such
warnings, we'd probably have to postpone disabling by default to a later
time.

Kai


More information about the tb-planning mailing list