Thunderbird/Support/TB115.0SupportIssues: Difference between revisions

Thunderbird/Support/TB115.0SupportIssues (view source)

1,087 bytes added , 17 October 2023

→‎Not so minor: e.g. "smime_signatures_accept_insecure_sha1", by default set to false, and users could set it to true.

612

edits

@@ Line 26: / Line 26: @@
 === Not so minor  ===
 (not in order)
+* [https://matrix.to/#/!iGORZbxsVWcnckaSjI:mozilla.org/$kW-1iWRGfG4bNfoEmCin0iMYaS7I_lj8qOPA-E5-_TE?via=mozilla.org&via=matrix.org&via=humanoids.be Kai in #tb-comms]: Because SHA-1 is not longer secure (since 2013!), when someone receives a digitally signed email in TB 115 that uses the old SHA-1 algo, we report the signature as "bad". <-- Some folks e.g. Italian government departments (and apparently: MS Office 2019 Outlook using Exchange Online still produces SHA-1-SMIME-Signatures today) are still using SHA-1 and are complaining in {{bug|1854592}}:"Thunderbird version 115 treats an S/MIME signature as invalid (e.g. from a PEC certificate) if the signature used SHA-1" --> Comment 15: `"NIST formally deprecated use of SHA-1 in 2011 and disallowed its use for digital signatures in 2013, and declared that it should be phased out by 2030.[14] As of 2020, chosen-prefix attacks against SHA-1 are practical."` --> potential unimplemented workaround would be to create a pref: e.g. "smime_signatures_accept_insecure_sha1", by default set to false, and users could set it to true.
 * {{bug|1854422}}: "iCal web subscription Thunderbird 115.2.x does not load" <-- hoping for a fix in 115.3.2
 * {{bug|1847658}}: "calendar invitation not send to attendees (but is sent to organizer)" <-- not fixed in 115.2.3 <-- hoping for a fix in 115.3.2