Re: aox views are too flexible to be usable — I think

2013-08-30 Thread Arnt Gulbrandsen
Beast leverages web features to attack tls. Against a mail server it will not be terribly speedy: the attacker has to send you a message and trick you into replying in order to perform a single guess. And even then the reply may not be usable for the attacker. Worry factor: nil. Arnt

Re: aox views are too flexible to be usable — I think

2013-08-30 Thread Martin Rode
Hi Arnt hi guys, we have build our CRM tool (for internal use only) around aox. The reason we are using it, is its normalized data accessible through views. My favorite view is the one which shows all received/sent mail for a certain sender address(es) and multiple recipient addresses. Very

Re: aox views are too flexible to be usable — I think

2013-08-30 Thread Arnt Gulbrandsen
Martin Rode martin.r...@programmfabrik.de writes: we have build our CRM tool (for internal use only) around aox. The reason we are using it, is its normalized data accessible through views. My favorite view is the one which shows all received/sent mail for a certain sender address(es) and

aox views are too flexible to be usable — I think

2013-08-29 Thread Arnt Gulbrandsen
Hi, since the whole Snowden/NSA sadness started I find my thoughts returning to views every so often, and why gmail's views work well while aox' views are not usable. I've known they aren't usable for a while, but not been able to find out why. After all, they can do everything. But maybe it's

Re: aox views are too flexible to be usable — I think

2013-08-29 Thread Arnt Gulbrandsen
Axel Rau axel@chaos1.de writes: No, not really. Complexity often keeps users away from a feature. (-; Yes. In this case, one of the results of the flexibility is that GUI support is essentially impossible. While we are talking about NSA, are you considering implementing Diffie–Hellman key

Re: aox views are too flexible to be usable — I think

2013-08-29 Thread Axel Rau
Am 29.08.2013 um 21:44 schrieb Arnt Gulbrandsen a...@gulbrandsen.priv.no: While we are talking about NSA, are you considering implementing Diffie–Hellman key exchange? I would happily add that. Right now the server uses the openssl default, more or less: SSL_CTX_set_cipher_list(

Re: aox views are too flexible to be usable — I think

2013-08-29 Thread Arnt Gulbrandsen
Axel Rau axel@chaos1.de writes: In my nginx.conf, I have ssl_ciphers HIGH:!aNULL:!MD5; which produces PFS. I added it now, but did not commit. Arnt

Re: aox views are too flexible to be usable — I think

2013-08-29 Thread Mark Felder
On Thu, Aug 29, 2013, at 14:58, Arnt Gulbrandsen wrote: Axel Rau axel@chaos1.de writes: In my nginx.conf, I have ssl_ciphers HIGH:!aNULL:!MD5; which produces PFS. I added it now, but did not commit. current recommended cipher settings that defeat BEAST attack look like this: