
Feature requests

Open thorsheim opened this issue 9 years ago • 2 comments

  • Display SSL/TLS cipher suites used (for each step)
  • ^^ using a graded score (see starttls.info for grading of RFC3207 starttls support on smtp servers)
  • Integrate SPF check (& DKIM / DMARC)
  • Integrate DANE TLSA checks (RFC7662) for verification of domain/host(s) from start to finish.

thorsheim avatar Nov 30 '15 22:11 thorsheim

1/2 are doable.

3 is not a point of this extension; there are others which can do SPF and related checks (and I'm using them).

4 would be nice but I have no idea how to execute it in the Mozilla API. Also, how would it work? There is no information about cert fingerprints in the email headers, so we would check what exactly? Existence of TLSA, without verifying?

Thanks for the ideas; if you feel like implementing either of them, the patches are welcome.

gjedeer avatar Nov 30 '15 22:11 gjedeer

Another suggestion: Instead of relying on the headers to passively identify secure emails, rely on active identification such as correlating the intermediate mail servers with their corresponding results from a tool like: https://ssl-tools.net/mailservers

TjWallas avatar Oct 18 '17 11:10 TjWallas
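
The per-hop cipher suite display from item 1, done passively from the Received headers, could look like the sketch below. This is an added example, not code from the Paranoia extension or from any commenter; the function names and the sample headers are constructed, and the three patterns assume the Postfix, Gmail-style and classic Exim header layouts.

```javascript
// Added example, not Paranoia's code. Patterns cover three common Received
// layouts (assumed: Postfix, Gmail-style, classic Exim); other MTAs need more.
const TLS_PATTERNS = [
  /using\s+(TLSv[\d.]+|SSLv\d)\s+with\s+cipher\s+([\w-]+)/i, // Postfix
  /version=((?:TLS|SSL)[\w.]+)\s+cipher=([\w-]+)/i,          // Gmail-style
  /\((TLSv?[\d.]+|SSLv\d):([\w-]+):\d+\)/i,                  // classic Exim
];

// "TLS1_2" and "TLSv1.2" both become "TLSv1.2".
function normaliseVersion(v) {
  const m = v.match(/^(TLS|SSL)v?([\d._]+)$/i);
  return m ? `${m[1].toUpperCase()}v${m[2].replace(/_/g, ".")}` : v;
}

// Parse one Received header into { by, status, version, cipher }.
function parseHop(header) {
  // Unfold continuation lines (RFC 5322) and drop the field name.
  const value = header.replace(/\r?\n[ \t]+/g, " ").replace(/^Received:\s*/i, "");
  const by = (value.match(/\bby\s+([^\s;()]+)/i) || [])[1] || null;
  for (const re of TLS_PATTERNS) {
    const m = value.match(re);
    if (m) return { by, status: "tls", version: normaliseVersion(m[1]), cipher: m[2] };
  }
  // RFC 3848 "with ESMTPS/ESMTPSA" records that TLS was used, not the suite.
  if (/\bwith\s+(?:ESMTPSA?|LMTPSA?)\b/i.test(value))
    return { by, status: "tls-no-details", version: null, cipher: null };
  // No TLS marker is not proof of plaintext; some MTAs simply log nothing.
  return { by, status: "unknown", version: null, cipher: null };
}

// Received headers are prepended, so reverse them to get transit order.
function hopsInTransitOrder(receivedHeaders) {
  return receivedHeaders.map(parseHop).reverse();
}

// Constructed sample headers (newest first, as they appear in a message).
const SAMPLE_RECEIVED = [
  "Received: from mx1.example.net (mx1.example.net [192.0.2.10])\r\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\r\n\tby inbox.example.org (Postfix) with ESMTPS id 4A1B2C; Mon, 30 Nov 2015 22:11:05 +0000",
  "Received: from relay.example.com ([198.51.100.7]) by mx1.example.net with ESMTPS id q9si123 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 30 Nov 2015 22:11:03 +0000",
  "Received: from client.example.com ([203.0.113.5]) by relay.example.com with esmtp (Exim 4.86) id 1a3XyZ; Mon, 30 Nov 2015 22:11:01 +0000",
];

for (const hop of hopsInTransitOrder(SAMPLE_RECEIVED)) console.log(hop);
```

Each Received line is written by the receiving server and can be forged by any earlier hop, so the output reports what servers claimed rather than verifying it.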