Re: [Evolution-hackers] "Use secure connection" confusion



On Mon, 2010-11-22 at 15:30 -0500, Matthew Barnes wrote:
> On Mon, 2010-11-22 at 19:48 +0100, Yves-Alexis Perez wrote:
> > As I understood it, SSL meant a tunneled connection over SSL/TLS, using
> > the relevant port (995/pops, 993/imaps, 465/smtps, 636/ldaps). TLS means
> > STARTTLS over a normal connection, so usually using the standard port
> > (110/143/25/389).
> 
> Thanks, that at least explains some of the original intent.  It may well
> be that mail accounts still work this way (I haven't looked closely yet)
> but I've seen several address book and calendar backends whose behavior
> appears to be basically "try a secure connection first, or else fall
> back to a normal connection".  I'll take a second look with this new
> information in mind to make sure I haven't misunderstood something.

Yeah, in my opinion there are two settings there
* how secure should the connection be (always/if possible/never)
* in the former cases: what kind of secure connection to use

> > It's still quite confusing, especially since SSL is called TLS now since
> > quite some time.
> 
> Yeah, the labels need to be clarified regardless.  But from a usability
> perspective, I see no reason why the user interface needs to be any more
> complex than a "use secure connection" checkbox.  If that means we first
> try a tunneled connection and then fall back to STARTTLS (or vice versa)
> then that's fine, but we should do it *silently*.
> 
> Plus we can easily record which method worked for a given mail account
> or data source and try that method first next time.  If picky users want
> to control which method is tried first then, well, key files are easy to
> edit.

In my opinion, the connection should be secure by default, with a
fallback (and a warning asking for confirmation) if the secure
connection can't be established (it might be sensible in some cases).
For IMAP at least, STARTTLS can be detected in the capabilities returned
by the server, so it might help too.

Simplifying the settings is a good idea, but pretty please, no wizard à
la Thunderbird, it's *horrible*, every time I need to use it I want to
die.

Cheers,
-- 
Yves-Alexis
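
The two settings discussed in this message (how secure the connection must be, and which kind of secure connection to use), as an added example that is not part of the original post and is not Evolution's code. The names `Policy`, `parse_capabilities` and `plan_connection` are hypothetical, and the server greetings used with them are constructed.

```python
import re
from enum import Enum

class Policy(Enum):
    """The first setting from the message: always / if possible / never."""
    ALWAYS = "always"
    IF_POSSIBLE = "if possible"
    NEVER = "never"

# Tunneled SSL/TLS ports named in the thread: imaps, pops, smtps, ldaps.
IMPLICIT_TLS_PORTS = {993, 995, 465, 636}

def parse_capabilities(line):
    """Return the capability atoms from an IMAP greeting or CAPABILITY reply."""
    # Greeting form: "* OK [CAPABILITY IMAP4rev1 STARTTLS] ready"
    m = re.search(r"\[CAPABILITY ([^\]]*)\]", line, re.I)
    if m is None:
        # Untagged form: "* CAPABILITY IMAP4rev1 STARTTLS"
        m = re.match(r"\*\s+CAPABILITY\s+(.*)$", line.strip(), re.I)
    return {atom.upper() for atom in m.group(1).split()} if m else set()

def plan_connection(policy, port, greeting):
    """Return (action, needs_user_confirmation) for one account."""
    if policy is Policy.NEVER:
        return ("plaintext", False)
    if port in IMPLICIT_TLS_PORTS:
        return ("implicit-tls", False)      # TLS handshake before any protocol data
    if "STARTTLS" in parse_capabilities(greeting):
        return ("starttls", False)          # upgrade on the standard port
    if policy is Policy.ALWAYS:
        return ("abort", False)             # never send credentials in clear
    # IF_POSSIBLE without STARTTLS: the capability list arrived before any TLS
    # and is unauthenticated, so the fallback asks the user instead of
    # proceeding silently.
    return ("plaintext", True)

if __name__ == "__main__":
    # Constructed greetings, not captured from a real server.
    for greeting in ("* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready",
                     "* OK [CAPABILITY IMAP4rev1] ready"):
        for policy in Policy:
            print(policy.value, plan_connection(policy, 143, greeting))
```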



