On 05/07/2012 11:33 AM, anonym wrote: > 05/06/2012 03:57 PM, Jacob Appelbaum: >>> A few Tor hackers (Sukhbir, tagnar, myself, etc) are working on a >>> plugin for Thunderbird that attempts to Torify it properly. The >>> codename for now is 'torbutton-birdy' and it is based largely on >>> the seminal analysis[-1] by tagnaq. Two core goals in addition to >>> Torification is the integration with MixGUI[0] and of course >>> Enigmail[1]. > > This sounds awesome! In Tails we have had plans to move to > Thunderbird/Icedove [1] for some time and this seems like a must have. > > [1] https://tails.boum.org/todo/Return_of_Icedove__63__/ >
Great - I agree. It would basically be installed and then any account in use will be configured to go over Tor by default. >>> DNS and other connections leak during account creation (when >>> Thunderbird >>>> is trying to work out how to connect), but after that I can >>>> receive (IMAP w/STARTTLS, IMAPS) and send (Submission >>>> w/STARTTLS, SMTPS) without seeing any leaks, including no DNS >>>> leaks. I can also see the connections showing up in the Vidalia >>>> Network Map. >>>> >> These issues should be listed in the TODO file - I'm sorry to say >> that Thunderbird and the Mozilla team seems to refuse to Do The >> Right Thing with the account setup wizard. The bugs on this topic are >> a depressing read - it's not really possible to override this and >> fail closed - which seems like an unreasonable stance... > > In January I worked a bit on securing Thunderbird's autoconfiguration > wizard to make it suitable for Tails. What I did was the following: > > * When probing a mail provider for an xml config, first try HTTPS, > then http (old behaviour: http only). > * When using a fetched xml config, prefer using TLS/SSL over plaintext > (old behaviour: use whatever is defined first in the xml file). > * Introduce a boolean pref called `mailnews.auto_config_ssl_only` > (that has a checkbox in the autoconfiguration wizard) that does the > following when true: > - Only allow HTTPS when fetching xml configs from mail provider. > - Only allow HTTPS when fetching xml configs from Mozilla's database > (luckily the default URL is using HTTPS). > - Don't check DNS MX records for mail configurations. (This may need > some rethinking for DNSSEC.) > - Only accept fetched xml configs that use safe email protocols > (SSL/TLS for SMTP/IMAP/POP). > - Only probe the mail server for safe email protocols (SSL/TLS for > SMTP/IMAP/POP). > > These changes are implemented in the `secure_account_creation` branch > in a git repository that can be cloned as follow: > > git clone git://labs.riseup.net/tails_icedove.git All of those need to go upstream, please. They do not belong in Torbutton-birdy, they belong in TB proper, I think. > > (Since the repo is huge (and there's no gitweb AFAIK) I also attached > the commits as git patches. This were written for Thunderbird 8, but I > know they apply cleanly to TB 10 as well.) > Nothing attached here... > Comments on the above described approach (and the implementation) are of > course highly welcome. > > The idea is to at least try to get this merged upstream (if not in > Mozilla, perhaps at least in Debian) in some form, otherwise we're > gonna ship an Icedove built from sources with these changes applied in > Tails. > Yes, I agree. > It's unclear to me if you've done (or plan to do) some work on the > autoconfig wizard in torbutton-birdy. I'd appreciate if you could > elaborate on this. > We haven't touched it - please check out the TODO. All the best, Jacob _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
