1. Google may have made the choice to disable it in Gmail, for the same reason we are. In any case it's definitely the reason that it's failing.
2. It's certainly an option to add it. Maybe in the improved error dialog we show, much like accepting self signed certificates. 3. To an extent but I do think you blow off the perception issue too easily. Positive appearance of security prevents people fixing it - being forced to pick 'unencrypted' tells you something. I want to support secure software in a way that encourages people getting their providers to provide secure systems. So I want it to be easy to be secure and a conscious choice to be insecure. I'm aiming for a certain level of inconvenience to help the user basically. There's also the ciphers he could change for example. Broken crypto becomes no crypto once any attacker can trivially examine it with a tool widely available. It's not standard user level to view unencrypted traffic anyway - you have to sniff WiFi data or put yourself in the server path. So once it's as easy to decrypt as to intercept it really is the same thing. In this specific case he is his own provider so I felt it was worth making the point. On April 14, 2016 6:38:55 PM GMT+01:00, Mouse <[email protected]> wrote: >1. Gmail comes from (roughly) the same source as BoringSSL. It wouldn't >be >likely for the two to have security profiles so diverged. It warrants >verification, I'd say. > >2. Maybe it's worth having an option to disable enforcing the DH >length. >Not sure which is the lesser evil - if a person can't check his email, >the >fact that the piece of software thinks it's secure becomes rather >irrelevant (Denial of Service through security configuration :). > >3. In a similar tone, SSLv3 is certainly broken. On the other hand, is >a >completely insecure connection better than SSLv3. Oh, and let's not >bring >up the crap of "false security", "security perceptions", etc. This is >strictly about whether it's worth to make the attacker do some work >(e.g., >cross the street or twist a door-knob), or should one leave his door >wide >ajar when the proper strong lock doesn't work? >-- >Regards, >Mouse > >-- >-- >You received this message because you are subscribed to the K-9 Mail >Users List. >To post to this group, send email to [email protected] >To unsubscribe, email [email protected] >To report an issue with K-9 Mail, visit >http://code.google.com/p/k9mail/issues/list >For more options, visit this group at >http://groups.google.com/group/k-9-mail > >--- >You received this message because you are subscribed to the Google >Groups "K-9 Mail" group. >To unsubscribe from this group and stop receiving emails from it, send >an email to [email protected]. >For more options, visit https://groups.google.com/d/optout. Best regards, Philip Whitehouse -- -- You received this message because you are subscribed to the K-9 Mail Users List. To post to this group, send email to [email protected] To unsubscribe, email [email protected] To report an issue with K-9 Mail, visit http://code.google.com/p/k9mail/issues/list For more options, visit this group at http://groups.google.com/group/k-9-mail --- You received this message because you are subscribed to the Google Groups "K-9 Mail" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
pgpzuef2Us6Q1.pgp
Description: PGP signature
