Re: [apps-discuss] [webfinger] Mail client configuration via WebFinger
"Paul E. Jones" <paulej@packetizer.com> Mon, 08 February 2016 01:56 UTC
Return-Path: <paulej@packetizer.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 643CB1A89FD; Sun, 7 Feb 2016 17:56:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.003
X-Spam-Level:
X-Spam-Status: No, score=-2.003 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qtMkU0e4kb21; Sun, 7 Feb 2016 17:56:03 -0800 (PST)
Received: from dublin.packetizer.com (dublin.packetizer.com [75.101.130.125]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 31E251A8872; Sun, 7 Feb 2016 17:56:03 -0800 (PST)
Received: from [192.168.1.20] (cpe-098-122-181-215.nc.res.rr.com [98.122.181.215] (may be forged)) (authenticated bits=0) by dublin.packetizer.com (8.15.2/8.15.2) with ESMTPSA id u181txaX020054 (version=TLSv1 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 7 Feb 2016 20:56:00 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=packetizer.com; s=dublin; t=1454896560; bh=N6seHTmtDd6J3hF2vP1dDCeMOGuiPIxWNC/kjIF838E=; h=From:To:Subject:Date:In-Reply-To:Reply-To; b=OYxeAJP7RJkoovu4ZIzuWlml/9oe9Ia75EKdQvM4l9Mw/WTMmEOSsnw5JWrbYnNP0 OLUnb2DcktpHxFedsqw1WX45RjHQA4Bqb+lzYKuonPwYxF9pHNoFihEG/+VB7zl0tz iEkNTOnEGQi2lvvvkRpqZSfVPcBuS9H90lZJ8Pj4=
From: "Paul E. Jones" <paulej@packetizer.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, John C Klensin <john-ietf@jck.com>, apps-discuss@ietf.org, webfinger@ietf.org
Date: Mon, 08 Feb 2016 01:56:28 +0000
Message-Id: <em509d6af4-51d0-4f8e-a905-31cc4b32adae@sydney>
In-Reply-To: <56B7F345.9060505@cs.tcd.ie>
User-Agent: eM_Client/6.0.24316.0
Mime-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.5.14 (dublin.packetizer.com [10.109.150.103]); Sun, 07 Feb 2016 20:56:00 -0500 (EST)
Archived-At: <http://mailarchive.ietf.org/arch/msg/apps-discuss/8QtDdYrmP57Mx2A9Ut1td7THee0>
Subject: Re: [apps-discuss] [webfinger] Mail client configuration via WebFinger
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: "Paul E. Jones" <paulej@packetizer.com>
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/apps-discuss/>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Feb 2016 01:56:04 -0000
Stephen, >On 08/02/16 00:45, Paul E. Jones wrote: >> >> If ACAP was going to take off, I think it would have by now. > >That seems correct to me. > >I think solving this problem in isolation would be worthwhile >if folks deployed a solution. (IOW, let's not generalise too >much.) > >My own ask here is that the user not be expected to enter a >password until after whatever automatable checks can be done, >have been done. I really hate entering a password into a new >device before I've gotten any feedback that that device is not >going to send the password in clear over the network. And yes >that may be a minority concern, but it is still I think one >we ought not ignore, esp. as it should be quite possible to >encourage good behaviour here (it's as easy as encouraging >bad behaviour;-) In the case of WebFinger, all requests go over HTTPS only. That said, I think your suggestion is a good one. It's entirely possible that the authentication mechanism might not be password based and we won't know what that is until the query is made to the server hosting the configuration document. Paul
- Re: [apps-discuss] Mail client configuration via … Eric Burger
- Re: [apps-discuss] Mail client configuration via … Cyrus Daboo
- Re: [apps-discuss] Mail client configuration via … Arnt Gulbrandsen
- Re: [apps-discuss] Mail client configuration via … Dave Cridland
- Re: [apps-discuss] Mail client configuration via … John Levine
- Re: [apps-discuss] [webfinger] Mail client config… Paul E. Jones
- Re: [apps-discuss] Mail client configuration via … Stephen Farrell
- Re: [apps-discuss] Mail client configuration via … Paul E. Jones
- Re: [apps-discuss] Mail client configuration via … Eric Burger
- Re: [apps-discuss] Mail client configuration via … John C Klensin
- [apps-discuss] Mail client configuration via WebF… Paul E. Jones
- Re: [apps-discuss] Mail client configuration via … Dave Cridland
- Re: [apps-discuss] Mail client configuration via … Claudio Allocchio
- Re: [apps-discuss] Mail client configuration via … Paul E. Jones
- Re: [apps-discuss] Mail client configuration via … John C Klensin
- Re: [apps-discuss] Mail client configuration via … John C Klensin
- Re: [apps-discuss] Mail client configuration via … Phillip Hallam-Baker
- Re: [apps-discuss] Mail client configuration via … Phillip Hallam-Baker
- Re: [apps-discuss] Mail client configuration via … Phillip Hallam-Baker
- Re: [apps-discuss] Mail client configuration via … John Levine
- Re: [apps-discuss] Mail client configuration via … Phillip Hallam-Baker
- Re: [apps-discuss] Mail client configuration via … Arnt Gulbrandsen
- [apps-discuss] call blocking was Re: Mail client … t.petch
- Re: [apps-discuss] Mail client configuration via … Eric Burger
- Re: [apps-discuss] Mail client configuration via … Claudio Allocchio
- Re: [apps-discuss] Mail client configuration via … Doug Royer
- Re: [apps-discuss] Mail client configuration via … John Levine
- Re: [apps-discuss] Mail client configuration via … Arnt Gulbrandsen
- Re: [apps-discuss] Mail client configuration via … Doug Royer
- Re: [apps-discuss] Mail client configuration via … Eric Burger
- Re: [apps-discuss] Mail client configuration via … John C Klensin
- Re: [apps-discuss] Mail client configuration via … John Levine
- Re: [apps-discuss] Mail client configuration via … John Levine
- Re: [apps-discuss] Mail client configuration via … Arnt Gulbrandsen
- Re: [apps-discuss] Mail client configuration via … Arnt Gulbrandsen
- Re: [apps-discuss] Mail client configuration via … Doug Royer
- Re: [apps-discuss] Mail client configuration via … Doug Royer
- Re: [apps-discuss] Mail client configuration via … Doug Royer
- Re: [apps-discuss] Mail client configuration via … John Levine
- Re: [apps-discuss] Mail client configuration via … Phillip Hallam-Baker
- Re: [apps-discuss] Mail client configuration via … Phillip Hallam-Baker