Email Security UI
We need to do something about the security settings and UI for email. Right now it is typical to see things like:
[ ] Use SSL
[ ] Use TLS
[ ] Use TLS when available
[ ] Use secure authentication
In some cases you may also have a separate security UI for selecting SSL versions, cipher suites and so on.
Now as a normal user (or even a security-conscious user), what are you supposed to make out of that? I consider myself pretty savvy about security, but those options don't really help me although I can guess what they are trying to say.
To make matters worse, when you guess the settings wrong, typically the only indication is a timeout. In some applications this manifests as a complete hang until the timeout expires.
Ideally the user would not need to worry about this at all, and the application would automatically select the most secure settings. However, that is not always possible to do automatically due to bugs and strange configurations. In a pathological case you could have your ISP experimenting with secure technologies so that the email client would think it got a good connection, but there would be no data to download and sent messages would go to /dev/null.
Here's what we should aim for:
Have application-wide security preferences for SSL versions, cipher suites and the like, with defaults as secure as we think will still work.
Have per-account email settings, which may override the global defaults, that look something like:
(*) Automatically discover and remember the most secure settings.
Discovery may take a long time on first connection.
Remembered settings: Start with SSL, SSL version: TLS
( ) Manual settings:
[X] Start with SSL
SSL version: (*) automatic ( ) SSL version 3 ( ) TLS
[ ] Ask server first (STARTTLS or equivalent negotiation), but ask for my confirmation if the server does not support secure mode
SSL version: ( ) automatic ( ) SSL version 3 (*) TLS
[ ] Secure login (actual emails are not secured unless SSL or STARTTLS selected above)
Some ISPs do things that make accounts hard to configure. For example, when you are connected through the cable modem you rented from your ISP you can only connect in the clear. When you are elsewhere, you can only connect through SSL. Current email clients require the user to manually switch between SSL and no SSL depending on how they happen to be connected to the net.
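A sketch of the "automatically discover and remember" option and of re-discovery after a network change, added here as an example; it is not code from any existing mail client. The IMAP ports and the names `probe_imap`, `discover`, `confirm_plaintext` and `remembered` are assumptions of this example.

```python
import imaplib
import socket
import ssl

# Candidate transports, most secure first. Ports are this example's assumption.
CANDIDATES = [("implicit_tls", 993), ("starttls", 143), ("plaintext", 143)]

def probe_imap(host, mode, port, timeout=5.0):
    """Try one transport against a real server; raises on any failure."""
    ctx = ssl.create_default_context()  # verifies certificate and host name
    if mode == "implicit_tls":
        conn = imaplib.IMAP4_SSL(host, port, ssl_context=ctx, timeout=timeout)
    else:
        conn = imaplib.IMAP4(host, port, timeout=timeout)
        if mode == "starttls":
            conn.starttls(ssl_context=ctx)
    conn.noop()    # the server must answer a command, not just accept the socket
    conn.logout()

def discover(host, probe=probe_imap, confirm_plaintext=lambda host: False,
             remembered=None):
    """Return (mode, port, failures).

    The remembered setting is tried first; if it no longer works (for example
    after moving to another network) the full list is walked again.
    Plaintext is never selected unless confirm_plaintext(host) returns True.
    """
    order = [c for c in CANDIDATES if c == remembered]
    order += [c for c in CANDIDATES if c != remembered]
    failures = {}
    for mode, port in order:
        if mode == "plaintext" and not confirm_plaintext(host):
            failures[mode] = "not attempted: insecure mode not confirmed"
            continue
        try:
            probe(host, mode, port)
            return mode, port, failures
        except socket.timeout:
            failures[mode] = "timed out"
        except ssl.SSLError as exc:
            failures[mode] = "TLS failure: " + type(exc).__name__
        except (OSError, imaplib.IMAP4.error) as exc:
            failures[mode] = "refused or protocol error: " + type(exc).__name__
    return None, None, failures
```

The `failures` dictionary gives the UI a specific reason per transport to show the user instead of a bare timeout.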
See also
AccountsDBProposal