Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature requests #15

Open
thorsheim opened this issue Nov 30, 2015 · 2 comments
Open

Feature requests #15

thorsheim opened this issue Nov 30, 2015 · 2 comments

Comments

@thorsheim
Copy link

  • Display SSL/TLS cipher suites used (for each step)
  • ^^ using a graded score (see starttls.info for grading of RFC3207 starttls support on smtp servers)
  • Integrate SPF check (& DKIM / DMARC)
  • Integrate DANE TLSA checks (RFC7662) for verification of domain/host(s) from start to finish.
@gjedeer
Copy link
Owner

gjedeer commented Nov 30, 2015

1/2 are doable.

3 is not a point of this extension, there are others which can do SPF and related checks (and I'm using them).

4 would be nice but I have no idea how to execute it in the Mozilla API. Also, how would it work? There is no information about cert fingerprints in the email headers, so we would check what exactly? Existence of TLSA, without verifying?

Thanks for the ideas, if you feel like implementing either of them the patches are welcome

@TjWallas
Copy link

Another suggestion: Instead of relying on the headers to passively identify secure emails, rely on active identification such as correlating the intermediate mail servers with their corresponding results from a tool like: https://ssl-tools.net/mailservers

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@gjedeer @TjWallas @thorsheim