[Dev] Email security UI

Brian Kirsch bkirsch at osafoundation.org
Tue May 31 11:28:40 PDT 2005


Hi Heikki,
Your proposal is a very good first step towards making account
configuration easy and understandable to the average email user.

I agree entirely with your proposal and would like in fact to elaborate 
further on how I see the Account setup process taking place.

When a user enters new account information they are presented with a 
simple account setup wizard to enter the type of account (IMAP, POP, 
SMTP) and the host, username, and password (The AccountDB proposal may 
make it even easier).
Information such as port and SSL options are hidden from the user but 
are accessible via an advanced menu.

When the user is about to complete the wizard the Mail Service performs 
various tests on the account to see if it supports SSL or TLS and which 
port to use (using default port logic, i.e. IMAP is 143, IMAPS is 995).

The results of the Mail Service discovery are presented to the user on 
the last page of the wizard, i.e.: "This account supports secure 
communication" or "This account does not support secure communication do 
you wish to continue?".

This check is a more complex version of the current Mail Service test 
account settings feature and will also report back any errors
in the actual account configuration (i.e. bad host name or mistyped 
password).

If the user at a later date changes the hostname of the account, the 
automatic discovery process will need to be run again.

There is an issue if the ISP changes its supported server 
configuration.  For example, an ISP may decide to disable direct SSL IMAP 
connections on port 995 and instead force users to use a STARTTLS 
command on port 143.

This change would cause a connection error in Chandler since the server 
is no longer listening on port 995.

When the error displays to the user the GUI dialog should have an option 
to rediscover settings for this account.
The user would either elect this option or not.

You also raised a good point about a growing trend in Cable and DSL 
modem companies to allow insecure connections inside the network and 
only secure connections outside its firewall.

Having multiple profiles per account which inherit from the default 
account settings will make it much easier for users to check mail from 
home and while roaming.

For example, for a given SMTP account your home profile could be:
port 25 unencrypted connection with no authentication
All other info (host, etc) inherited from the Account

Roaming:
port 587 encrypted connection with authentication
All other info (host, etc) inherited from the Account


When writing a message there would be a drop down menu which would allow you
to select which profile to use to send the message.

The profile setup could also be wrapped in an auto discovery process. 
When the user creates a profile for an account, the Mail Service tries 
to determine the best settings for the current connection.


-Brian







Heikki Toivonen wrote:

>During email security review we discussed how the email related security
>settings are too hard for users. A while back I was also thinking about
>this, and wrote a small proposal that would be easier for users:
>
>http://wiki.osafoundation.org/bin/view/Journal/HeikkiToivonen20050512
>
>--
>  Heikki Toivonen


-- 
Brian Kirsch - Email Framework Engineer
Open Source Applications Foundation
543 Howard St. 5th Floor
San Francisco, CA 94105
(415) 946-3056
http://www.osafoundation.org
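
An illustration of the discovery step described in the message above, applied to its SMTP home and roaming profiles. This is an added example, not part of the original post and not Chandler's code; the `Profile` class, the function names, the hostname and the EHLO replies are constructed for illustration, and the wording of the downgrade prompt is an assumption.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Profile:                      # hypothetical model, not Chandler's
    host: str                       # inherited from the account
    port: int
    encrypted: bool                 # require STARTTLS before sending
    authenticate: bool

def parse_ehlo(reply: str) -> set:
    """Extension keywords from a multi-line SMTP EHLO reply."""
    lines = reply.strip().splitlines()
    if not lines or any(not l.startswith(("250-", "250 ")) for l in lines):
        raise ValueError("not a successful EHLO reply")
    # Line 1 is the server greeting; later lines each begin with a keyword.
    return {l[4:].split()[0].upper() for l in lines[1:] if l[4:].strip()}

def discover(account, port, pre_tls, post_tls=None, previous=None):
    """Return (profile, needs_confirmation, message) for the wizard."""
    secure = "STARTTLS" in parse_ehlo(pre_tls)
    # Capabilities seen before TLS are unauthenticated, so AUTH is only
    # trusted from the EHLO reply repeated after the handshake.
    auth = secure and post_tls is not None and "AUTH" in parse_ehlo(post_tls)
    profile = replace(account, port=port, encrypted=secure, authenticate=auth)
    if secure:
        return profile, False, "This account supports secure communication"
    if previous is not None and previous.encrypted:
        # Rediscovery must not silently downgrade a profile that used TLS.
        return profile, True, ("This account no longer offers secure "
                               "communication on this network. Continue?")
    return profile, True, ("This account does not support secure "
                           "communication do you wish to continue?")

# Constructed sample data (not captured from a real server).
ACCOUNT = Profile("mail.example.test", 25, False, False)
ROAMING_PRE = "250-mail.example.test\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
ROAMING_POST = "250-mail.example.test\r\n250-AUTH PLAIN LOGIN\r\n250 8BITMIME\r\n"
HOME = "250-mail.example.test\r\n250 8BITMIME\r\n"

if __name__ == "__main__":
    roaming, _, msg = discover(ACCOUNT, 587, ROAMING_PRE, ROAMING_POST)
    print(roaming, msg)
    print(discover(ACCOUNT, 25, HOME))
    print(discover(ACCOUNT, 587, HOME, previous=roaming))
```

The third call models rediscovery after a connection error: a profile that previously used TLS and now sees no STARTTLS offer is returned only with a confirmation prompt, so the user decides whether to continue unencrypted.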