Re: [apps-discuss] Mail client configuration via WebFinger

Eric Burger <> Tue, 09 February 2016 11:45 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 32AC81A8946 for <>; Tue, 9 Feb 2016 03:45:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.012
X-Spam-Status: No, score=-1.012 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, SPF_HELO_PASS=-0.001, SPF_NEUTRAL=0.779, T_DKIM_INVALID=0.01] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id J8styT5wFIvM for <>; Tue, 9 Feb 2016 03:45:28 -0800 (PST)
Received: from ( []) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 2C3831A8940 for <>; Tue, 9 Feb 2016 03:45:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;; s=default; h=To:References:Message-Id:Date:In-Reply-To:From:Subject:Mime-Version:Content-Type; bh=hNAtwpvUjv0Q2lZ6NB0U2GlvEZ4mS8JxsdA3aD/vek0=; b=CczJ6tKfcN/3HpRkYJ4e1MSoM19FdqmCYeOkR6BidwOjpGJU7bXjhtMzAEMq+M/Cpx4yTmA1Yei2LxbCknP7+yJuOjhyevE5P6GxV12H4rG4NwgMCidgi/eizOSblxRU9YNKT1Q4HPUbZcgXwipESEn7DsO8MZVMSd5I+wvuHAQ=;
Received: from ([]:51243 helo=[]) by with esmtpsa (TLSv1:RC4-SHA:128) (Exim 4.85) (envelope-from <>) id 1aT6jU-00045v-0A for; Tue, 09 Feb 2016 03:45:27 -0800
Content-Type: multipart/signed; boundary="Apple-Mail=_2BFF098F-DF21-476B-84E9-5DEE469F5B8B"; protocol="application/pgp-signature"; micalg=pgp-sha256
Mime-Version: 1.0 (Mac OS X Mail 9.2 \(3112\))
X-Pgp-Agent: GPGMail 2.6b2
From: Eric Burger <>
In-Reply-To: <>
Date: Tue, 9 Feb 2016 06:45:22 -0500
Message-Id: <>
References: <em67ef0b5c-33c6-4fd5-ae6a-15f29ac400d2@sydney> <20160209011213.92948.qmail@ary.lan> <> <>
X-Mailer: Apple Mail (2.3112)
X-OutGoing-Spam-Status: No, score=-2.9
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname -
X-AntiAbuse: Original Domain -
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain -
X-Get-Message-Sender-Via: authenticated_id: user confirmed/virtual account not confirmed
Archived-At: <>
Subject: Re: [apps-discuss] Mail client configuration via WebFinger
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: General discussion of application-layer protocols <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 09 Feb 2016 11:45:29 -0000

Would I not accept an automatic mail configuration protocol that does not configure S/MIME or PGP? No.

Would I not try really, really hard to create an automatic mail configuration protocol that does configure S/MIME or PGP? ***ABSOLUTELY***

In 2016, it would be criminal to not provide a solution for the 99.995% of users who cannot spell PGP or S/MIME. I agree with PHB’s sentiment here: we have to try, and we have to try really hard, to make the security configuration a major purpose for the effort.

For that matter, one can argue that without security configuration, the market has passed us by. My current experience is with MacOS. If you use Gmail, iCloud mail, Yahoo! mail, AOL, or Exchange, your mail configuration magically happens. If you are using a raw IMAP or POP3 server, more especially if you are using a real submit server at a different address, too bad for you. However, I’ll bet 99.995% of typical users are using one of the big providers and would ask “why is the IETF working on how to configure Gmail? It just works already. The IETF is solving yesterday’s problems.” If we say, “because you get security,” 99;995% of people would say, “the IETF is great!”

> On Feb 9, 2016, at 3:32 AM, Arnt Gulbrandsen <> wrote:
> Phillip Hallam-Baker writes:
>> And you don't have an email app configuration solution unless you can
>> configure S/MIME and OpenPGP.
> Wait, what? Solving the problem for the 99.995% who don't use PGP isn't worthwhile?
> Arnt
> _______________________________________________
> apps-discuss mailing list