Torbirdy allows weaker ssl/tls setings as the RFC standard recommends, too ( - Thunderbird).If most email provider support tls v. Ie to follow the recommendations of the RFCs and to use the recommanded ciphers tls version 1.2 has to be used and most XMPP servers support it (i don't know of any exception)(tls v1.1 was published in 2006, maybe it's time to move on )), IMHO tls v 1.2 should be enforced by any xmpp messenger and only if the user decides (for example cos this particular sever doesn't support tls v 1.2) it should be downgraded (like it's possible to turn logging on but at least its disabled by default by Tor Messenger)ītw, the tls issue might be relevant for torbirdy, too. These cipher suites are supported only in TLS 1.2 because they areĪuthenticated encryption (AEAD) algorithms. The following cipher suites is RECOMMENDED: Given the foregoing considerations, implementation and deployment of Well, if you look at RFC standard regarding TLS (RFC 7525) is says: "Tor Internet Bundle," or just the bland "Tor Browser and Messenger"), which would involve renaming the package on the website and in the download file names. You'd have to come up with a separate name for the combined package to avoid confusion (e.g. You should be able to force links in Tor Messenger chats to open in Tor Browser (instead of the computer's default browser) to prevent IP leakage. For those who would use both Tor Browser and Tor Messenger, there's some minor benefit in having to only update one program and using a bit less hard drive space for duplicated functionality. The savings (costs) may be neglible depending on how much code is shared. For those who would use both Tor Browser and Tor Messenger, it would reduce the amount of your server bandwidth (and Tor network traffic) required to download and update both programs (it would have the opposite effect for those who would only use one of them). However, having to download one package instead of two that are on the same download page isn't a huge benefit. It would be nice to have a single package that we could give to non-techies for secure, anonymous internet access (since most of them don't do more than browsing websites, webmail, and instant messaging). It would get more people aware of and using Tor Messenger. Since Tor Messenger is now built on Tor Browser, do you have any plans to merge the two products so that they come combined in one package (with separate shortcuts/.desktop files) once Tor Messenger is stable? I don't really have a preference either way at this point, but I'm curious about your thoughts. Trac 20062: Make stripping signatures reproducible on TM.Trac 20207: IB and Tor Messenger still share a notification key.Trac 20206: Avoid prompting to download font "Osaka" on macOS Sierra.Trac 20204: Windows don't drag on macOS Sierra.Bugzilla 1316000: Remove old Yahoo! Messenger support.Bugzilla 1313137: Fix irc "msg is not defined" error.Bugzilla 1246431: Properly handle incoming xmpp server messages.Trac 20608: Use Instantbird app version.Trac 20231: Remove incomplete translations.Trac 20208: Put conversations on hold by default.Trac 20205: Support SASL ECDSA-NIST256P-CHALLENGE.Trac 19816: Build process should generate mar files.Trac 17480: Make url linkification toggleable.Trac 17471: Investigate Tor Browser preferences relevant to Tor Messenger.Trac 16536: Investigate Tor Browser patches relevant to Tor Messenger.Trac 16491: Contact list entries don't adapt to the actual font size.Trac 16489: Only show "close" button on Windows.Use the THUNDERBIRD_45_4_0_RELEASE tag on comm-esr45.Use the tor-browser-45.5.0esr-6.0-1 branch (e5dafab8) on tor-browser.Please verify the fingerprint from the signing keys page on Tor Project's website. txt file containing hashes of the bundles is signed with the key 0xB01C8B006DA77FAA (fingerprint: E4AC D397 5427 A5BA 8450 A1BE B01C 8B00 6DA7 7FAA). At-risk users should not depend on it for their privacy and safety. The purpose of this release is to help test the application and provide feedback. Please note that Tor Messenger is still in beta. On installing and restarting, the update will be applied your account settings and OTR keys will be preserved. Tor Messenger 0.2.0b2 users will be automatically prompted to install the update (similar to Tor Browser). We will also try to keep in sync with the Tor Browser stable release cycle. This will help us in improving the security of Tor Messenger by making use of Tor Browser's patches. Starting with this release, Tor Messenger will be built on top of Tor Browser instead of Mozilla ESR. All users are highly encouraged to upgrade. This release features important improvements to the stability and security of Instantbird. We are pleased to announce another public beta release of Tor Messenger.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |