[Evolution-hackers] Evolution SSL/TLS improvements
- From: Rodney Dawes <dobey novell com>
- To: evolution-hackers lists ximian com
- Subject: [Evolution-hackers] Evolution SSL/TLS improvements
- Date: Thu, 11 Nov 2004 17:20:17 -0500

Back to the three-letter acronym problem we have. I talked with fejj a bit yesterday at lunch, about
the use of SSL/TLS, and how the code behaves, and what optimal solutions might be. It occurs to me
that people don't use "Whenever Possible" out of the fear that they will be reading e-mail over a clear
connection, and not know it. Thus people either choose "Always", which doesn't fall back to clear text,
or "Never", which doesn't try to do SSL/TLS at all. Given that we don't really provide any feedback to
the user of whether or not we are actually connected securely, we came up with the idea of showing an
icon next to the Account in the folder tree, to show whether we are Disconnected, Connected, or
Connected Securely. Since "On This Computer" is local, and can never be any of those three, I stuck a
"computer" icon next to it in my mock-up below.

In this mockup, we have the "Test", "Work", and "Test Work" accounts (yes, I'm lazy, and just copied stuff
around in GIMP). The "Test" account is connected, but is not over a secure connection. The "Work" account
is connected, and secure. And, the "Test Work" account is disconnected. "On This Computer" is local, and
has a special icon. To support this, we basically need to add 2 new flags to the CamelStore API. These flags
would be something like CAMEL_STORE_IS_SECURE, and CAMEL_STORE_IS_LOCAL. This will allow us to
determine if we are local, and once we are connected, if we are secure. Jeff informed me that an API already
exists to tell if we are connected, so we can add the disconnected icon support very easily.

As far as actual behavior and settings go, the most user-friendly method is to default to the highest level
of security, and safely fall back through lower levels. Based on this ideology, we can get rid of the "Never"
and "Whenever Possible" options, and just always try to do STARTTLS, and with the status icons in the
tree above, the user will know what is going on. As for the "Always" option, we can turn it into a check
box, and when enabled, rather than falling back to a cleartext connection, if neither STARTTLS nor SSL Port works,
just fail to connect, and set the status to disconnected. This would give us the following interfaces when
built with ssl support enabled, and without:

These are links, due to the size of the images. Another advantage to adding the status icons to the folder
tree is that we can kill off the "PING" error that everyone hates, and just change the store's status to be
disconnected, and update the icon in the tree.
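
The fallback order and status icons proposed in this message, as an added sketch that is not Evolution or Camel code: the flag, icon and function names are hypothetical, and the server is a constructed stand-in that only records which transports it accepts.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical flag names, after the message's "something like" suggestion. */
enum { STORE_IS_LOCAL = 1, STORE_IS_CONNECTED = 2, STORE_IS_SECURE = 4 };
typedef enum { ICON_COMPUTER, ICON_DISCONNECTED, ICON_CONNECTED, ICON_SECURE } Icon;
typedef enum { VIA_NONE, VIA_STARTTLS, VIA_SSL_PORT, VIA_CLEARTEXT } Method;
typedef struct { bool accepts[4]; } Server;  /* constructed stand-in, indexed by Method */
typedef struct { unsigned flags; Method via; } Store;

/* Attempts in the order the message proposes: most secure first. */
static const struct { Method m; bool secure; } order[] = {
    { VIA_STARTTLS, true }, { VIA_SSL_PORT, true }, { VIA_CLEARTEXT, false }
};

/* require_secure models the proposed check box: never fall back to cleartext. */
void store_connect(Store *st, const Server *srv, bool require_secure)
{
    st->flags &= STORE_IS_LOCAL;            /* start disconnected, keep the local bit */
    st->via = VIA_NONE;
    if (st->flags & STORE_IS_LOCAL) return; /* "On This Computer" never connects */
    for (size_t i = 0; i < sizeof order / sizeof order[0]; i++) {
        if (require_secure && !order[i].secure) break;
        if (!srv->accepts[order[i].m]) continue;
        st->flags |= STORE_IS_CONNECTED | (order[i].secure ? STORE_IS_SECURE : 0);
        st->via = order[i].m;
        return;
    }
}

/* A failed keep-alive clears the connection bits instead of raising an error. */
void store_ping_failed(Store *st) { st->flags &= STORE_IS_LOCAL; st->via = VIA_NONE; }

Icon store_icon(const Store *st)
{
    if (st->flags & STORE_IS_LOCAL) return ICON_COMPUTER;
    if (!(st->flags & STORE_IS_CONNECTED)) return ICON_DISCONNECTED;
    return (st->flags & STORE_IS_SECURE) ? ICON_SECURE : ICON_CONNECTED;
}

int main(void)
{
    Server plain_only = { .accepts = { [VIA_CLEARTEXT] = true } };  /* constructed */
    Store st = { 0, VIA_NONE };
    store_connect(&st, &plain_only, false);
    printf("fallback allowed: icon %d\n", store_icon(&st));
    store_connect(&st, &plain_only, true);
    printf("check box set:    icon %d\n", store_icon(&st));
    return 0;
}
```

Recording `via` alongside the flags lets the tree distinguish a STARTTLS session from an SSL-port session if the icon tooltip ever needs to say which one was negotiated.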