01/12/2012 09:41 PM, intrigeri:
> Hi,
>
>>>> * ssl_only really does two separate things:
>>>
>>>> 1. It forces SSL for *fetching* configs.
>>>> 2. It forces SSL or STARTTLS in the *resulting* configuration when
>>>> *guessing* the config.
>>>
>>>> Is this confusing?
>>>
>>> Anything else would look strongly inconsistent to me, at least in the
>>> threat model I think we're considering. So I don't find it confusing.
>>>
>>> OTOH, I don't understand what exactly "*resulting*" means above, so
>>> I may very well be entirely confused wrt. how ssl_only behaves in
>>> GuessConfig city.
>
>> With resulting I just meant the fetched config after it has been parsed.
>
> Ok. And what do you mean by "it forces ... in the resulting", then?
> Refusing to save and/or use non-SSL parts?

Yes, i.e. it discards all plaintext configs. A fetched config can
contain several different alternatives (e.g. plaintext, SSL and STARTTLS
pop3), so if we fetch a config that only has plaintext for incoming and
outgoing, the fetch is considered to fail and the next autoconfiguration
step is started. Here's an example config file just to give you the idea:

https://live.mozillamessaging.com/autoconfig/v1.1/freenet.de

>> Since we have no icedove repo to push to
>
> Oops, sorry, I mentioned we should get one the other day, but I did
> not actually ask for it. Going to do this soon.

(note to others: I received emails off-list about this being done now)

Wow, that was very soon! Thanks! Pushed into a branch called
secure_account_creation. For the interested, grab it from:

git://labs.riseup.net/tails_icedove.git

>> I post my current work here
>
> A Git bundle would be more useful in case anyone wants to seriously
> have a look / improve / suggest.
>
> $ git help bundle

That would still be ~150 MB :)

Cheers!
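
The filtering step described in the message above, sketched as an added example; it is not part of the original e-mail or of the Icedove patch. It assumes the Mozilla autoconfig v1.1 layout (`incomingServer`/`outgoingServer` elements with a `socketType` of `plain`, `SSL` or `STARTTLS`); the function name, the sample data and the choice to fail when either direction has no secure server left are assumptions of this sketch.

```python
import xml.etree.ElementTree as ET

SECURE_SOCKET_TYPES = {"SSL", "STARTTLS"}

# Constructed sample in the autoconfig v1.1 layout; hostnames are placeholders.
SAMPLE_MIXED = """<clientConfig version="1.1">
  <emailProvider id="example.test">
    <incomingServer type="pop3">
      <hostname>pop.example.test</hostname><port>110</port>
      <socketType>plain</socketType>
    </incomingServer>
    <incomingServer type="pop3">
      <hostname>pop.example.test</hostname><port>995</port>
      <socketType>SSL</socketType>
    </incomingServer>
    <outgoingServer type="smtp">
      <hostname>smtp.example.test</hostname><port>587</port>
      <socketType>STARTTLS</socketType>
    </outgoingServer>
  </emailProvider>
</clientConfig>"""

# Same constructed provider, but every alternative downgraded to plaintext.
SAMPLE_PLAIN_ONLY = SAMPLE_MIXED.replace(">SSL<", ">plain<").replace(">STARTTLS<", ">plain<")


def secure_servers(xml_text):
    """Return (incoming, outgoing) secure alternatives, or None if the fetch counts as failed."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return None  # extra precaution in this sketch: no DTDs in fetched XML
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    kept = {"incomingServer": [], "outgoingServer": []}
    for provider in root.iter("emailProvider"):
        for tag in kept:
            for srv in provider.findall(tag):
                sock = (srv.findtext("socketType") or "").strip()
                if sock in SECURE_SOCKET_TYPES:  # plaintext alternatives are discarded
                    kept[tag].append({
                        "type": srv.get("type"),
                        "hostname": (srv.findtext("hostname") or "").strip(),
                        "port": (srv.findtext("port") or "").strip(),
                        "socketType": sock,
                    })
    if not kept["incomingServer"] or not kept["outgoingServer"]:
        return None  # assumption: caller moves on to the next autoconfiguration step
    return kept["incomingServer"], kept["outgoingServer"]
```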