On Mon, Feb 22, 2021 at 02:34:20PM +0100, Reto wrote:
> On 22 February 2021 14:10:16 CET, Simon Ser <contact@emersion.fr> wrote:
>
> >The "insecure" option blindly trusts the cert. So I don't think it's a
> >big deal to *not* negotiate STARTTLS when insecure is explicitly
> >specified by the user.
>
> That's not what it does in aerc, no. "insecure" tries to start a non-encrypted plain text connection.
> There is no cert involved at all.
>
> *If* the server advertises support for STARTTLS, we bail out, saying that this is probably not what you should be doing.
> If STARTTLS is available, you really should use it. Anything else is most likely a configuration mistake.
>
> The whole connection string is a frequent point of confusion; people tend to brute force various combinations instead of reading what the options do.
> (Based on our bug tracker / IRC)
> Now, while one can make the point that, well, this is what you asked for, it's rather bad in the above case.

... And that shouldn't have been sent, as I was still drafting it.
Disregard it, please.

Apparently we do two very different things in the IMAP connection code and the
SMTP connection code.
We need to unify, either way.