[Psi-devel] account defaults don't work for google talk

Remko Tronçon remko at el-tramo.be
Fri Mar 2 02:17:11 PST 2007


After some discussion with the other devs, this is our conclusion: we
should target our options to the 'normal' user, and provide them
sensible, secure defaults. Paranoid users should be allowed to be
paranoid about things, by changing their account options (which they
will do anyway, because they're paranoid). Normal users shouldn't need
to tweak account options. This is actually the philosophy we used for
the TLS option (Always use, Never use, Use if available).

With this in mind, prompting the user 'Do you want to allow plaintext
authentication' does not really make sense, because a normal user does
not know what this means. This is why we're back to my initial
proposal: an option 'Allow plaintext: Always / Never / Over encrypted
connection', with the latter as the default. This is a secure and sensible
default, because the password will never be sent cleartext over the
wire. If you are worried about man in the middle, you will get a
warning 'This certificate is self-signed / invalid / ...', which a
smart user will act upon. If you are worried about sending your
password to your server, even if you trust that it is your server (is
this even a sensible use case?), you can change the option to 'never
allow plaintext'.

Notice that, with these defaults (auto-ssl and plain over encrypted),
a user should never need to tweak his options if he wants to connect
to an RFC3920-bis compliant server (not taking into account
connectivity of course), without ever going below the security
lower-bound.

As for GOOGLE-TOKEN: with these defaults, it's not really necessary to
use google token anymore. I don't have a problem implementing it
(although it might be messy to have it in cyrus-sasl), but I don't
think there's any real use anymore at this point?

cheers,
Remko
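
The following is an added example, not part of the original mail and not Psi's code: a sketch of SASL mechanism selection under the proposed 'Allow plaintext: Always / Never / Over encrypted connection' option. The names `PlainPolicy` and `chooseMechanism`, the client preference order, and the offered-mechanism list are assumptions made for illustration.

```cpp
#include <algorithm>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical names mirroring the three option values proposed in the mail.
enum class PlainPolicy { Always, Never, OverEncrypted };

// Returns the SASL mechanism to use, or "" when nothing the server offers is
// both supported by this sketch and permitted by the policy.
std::string chooseMechanism(const std::vector<std::string>& offered,
                            bool tlsActive, PlainPolicy policy) {
    // Assumed client preference: challenge-response first, PLAIN last.
    static const std::vector<std::string> preferred = {"DIGEST-MD5", "PLAIN"};
    for (const auto& mech : preferred) {
        if (std::find(offered.begin(), offered.end(), mech) == offered.end())
            continue;  // server does not offer it
        if (mech == "PLAIN") {
            // PLAIN sends the password itself, so gate it on the policy.
            bool allowed = policy == PlainPolicy::Always ||
                           (policy == PlainPolicy::OverEncrypted && tlsActive);
            if (!allowed) continue;
        }
        return mech;
    }
    return "";
}

int main() {
    // Constructed sample: a server that offers PLAIN plus a vendor mechanism
    // this sketch does not implement.
    const std::vector<std::string> plainOnly = {"X-GOOGLE-TOKEN", "PLAIN"};
    const std::vector<std::string> both = {"DIGEST-MD5", "PLAIN"};

    std::cout << "default, TLS up:   '"
              << chooseMechanism(plainOnly, true, PlainPolicy::OverEncrypted) << "'\n";
    std::cout << "default, no TLS:   '"
              << chooseMechanism(plainOnly, false, PlainPolicy::OverEncrypted) << "'\n";
    std::cout << "never, TLS up:     '"
              << chooseMechanism(plainOnly, true, PlainPolicy::Never) << "'\n";
    std::cout << "default, both:     '"
              << chooseMechanism(both, true, PlainPolicy::OverEncrypted) << "'\n";
    return 0;
}
```

An empty result means the login attempt should fail with an error rather than fall back to sending the password on an unencrypted stream.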

