[Psi-devel] account defaults don't work for google talk

Remko Tronçon remko at el-tramo.be
Fri Mar 2 00:03:46 PST 2007


> I think security is important, and we all know that users just click
> away nag messages.

Not in IM, they don't, because they get nagged every day :-).

Ok, here is what I propose for the nag messages:
- Implement 'Allow Plaintext' option as a combobox with the following 3 options:
    * Always
    * Over encrypted connection
    * Ask
    * Never
- 'Ask' is the default
- Whenever a server only supports plaintext, and the option is 'Ask',
ask whether it is ok to connect. If the connection is encrypted, add
to the message that the connection is encrypted, and add a checkbox
'Always allow over encrypted connections', which sets the option to
'Over encrypted connection'.

This results in the following: users will get nagged when they connect
to a plaintext server. In a rather secure environment (i.e. where the
server uses TLS), they have the ability to make the nag message
disappear forever from this dialog. For the other setting, they will
keep on getting the nags until they go to the account settings and put
the 'allow plaintext' to 'always'.

Next question: is this implementable? I.e. is there a hook in our
authentication code which allows us to abort or continue based on the
selected mechanism? Justin?

cheers,
Remko
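
The decision table implied by the proposal above, written out as an added example; it is not part of the original message and not Psi's code. The type and function names are hypothetical, and two points the message leaves open are assumptions: 'Over encrypted connection' on a connection without TLS prompts like 'Ask', and the checkbox only takes effect when the user accepts.

```cpp
#include <cstdio>

// Values of the proposed 'Allow Plaintext' account option.
enum class AllowPlaintext { Always, OverEncrypted, Ask, Never };

// What the client does before sending a plaintext password (hypothetical names).
enum class Action { Proceed, Prompt, PromptWithRememberBox, Abort };

struct ConnState {
    bool encrypted;      // TLS is active on the stream
    bool plaintextOnly;  // server offers only plaintext authentication
};

Action decide(AllowPlaintext policy, const ConnState &c)
{
    // The option only matters when the server supports nothing but plaintext.
    if (!c.plaintextOnly) return Action::Proceed;
    switch (policy) {
    case AllowPlaintext::Always:
        return Action::Proceed;
    case AllowPlaintext::Never:
        return Action::Abort;
    case AllowPlaintext::OverEncrypted:
        // Assumption: without TLS this setting nags like 'Ask' rather than refusing.
        return c.encrypted ? Action::Proceed : Action::Prompt;
    case AllowPlaintext::Ask:
        // Only the encrypted case offers 'Always allow over encrypted connections'.
        return c.encrypted ? Action::PromptWithRememberBox : Action::Prompt;
    }
    return Action::Abort;  // unknown value: fail closed
}

// Applies the user's answer to a prompt; returns true to continue authentication.
// Assumption: the checkbox is honoured only when the user accepted.
bool applyAnswer(AllowPlaintext &policy, Action shown, bool accepted, bool remember)
{
    if (shown == Action::PromptWithRememberBox && accepted && remember)
        policy = AllowPlaintext::OverEncrypted;
    return accepted;
}

int main()
{
    AllowPlaintext policy = AllowPlaintext::Ask;    // proposed default
    ConnState tls{true, true}, clear{false, true};  // constructed sample connections
    applyAnswer(policy, decide(policy, tls), true, true);  // user ticks the checkbox
    std::printf("TLS: %d, no TLS: %d\n", (int)decide(policy, tls), (int)decide(policy, clear));
    return 0;
}
```
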

