Re: [apps-discuss] Mail client configuration via WebFinger

Phillip Hallam-Baker <> Wed, 10 February 2016 21:21 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 1B66C1B3001 for <>; Wed, 10 Feb 2016 13:21:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001, TVD_PH_BODY_ACCOUNTS_PRE=0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id dGghmjt6jZML for <>; Wed, 10 Feb 2016 13:21:26 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:400e:c00::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 971721B2FF8 for <>; Wed, 10 Feb 2016 13:21:26 -0800 (PST)
Received: by with SMTP id x65so18050934pfb.1 for <>; Wed, 10 Feb 2016 13:21:26 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=sender:date:from:to:message-id:in-reply-to:references:subject :mime-version:content-type; bh=3w1yn71E8MA7D1kjlrfFyaNDcHqlZT8aiAavxIEXI6U=; b=HLARiLLNWn3vKwM1MFEpai+8jkcgwh8lQXZHzT+I6Vy0r2JqOFVUvqizcwgAHmLZQC iVKi//5NCUP/bLbmAi+XUE1pL8dNW/Nk+jsAlUGWM3SRcFXcfXDLDqyHSWZThc4KI8+9 y7Wn3+uBM9jlwQXm6hD2ko2bOqYFuI6AhkAYq0xh4P+7kJ3JpvKX1HwtJF6YORMfV1W1 Dw7v5w14l9qQbhnWAq3p4jOnT0G0bdaOQq2EBL7MU+2oN+BbDRaKVaYSxm1Yj5AKIY/4 hLO/dFRc8+vFr28A/DIFbSVzEtIHVeZNMoqNrUigk7Iujfyv4HZtylXtDyjeOoOAgpGv ylaA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:sender:date:from:to:message-id:in-reply-to :references:subject:mime-version:content-type; bh=3w1yn71E8MA7D1kjlrfFyaNDcHqlZT8aiAavxIEXI6U=; b=e2cJYMw7iMdPnrjzhrHEV2vw7L+MdcIOcbNNABLeeiv/1KRvs1EhTLx/s5wKaRt7LT 8ZwgEKVquUKzJEDyVAuxXuOqY44oW2+VVBOhgZ6AI0NU4C+ZG78wn3hlMdb3YK1oyDar 1z88P9TxPqdUOirQHeBfvMXNmYN1Kt4hnQ+FLp9PvSCJ2IP5Jz7FLMP3N1K6hvvUKl9D 7zF762+nItB56wIiy+CuOW5INl76b9CdU72FBW+M/ir23K08xIuuts1O6ikC7d/XtvGh M5x5LyeL19ybqPTxP5bBiGfMsW1w7HH7OZ0f4TZNjLKfThwiywujsqbuGEgVgBWeqYrZ MH7A==
X-Gm-Message-State: AG10YOT67rLiR+BRuyx8FfYdjLjMnBjT6wl/Wks6MsJ44x/KkVL5Dmjr6kN3g32e1ySI+A==
X-Received: by with SMTP id o191mr34460615pfo.83.1455139286312; Wed, 10 Feb 2016 13:21:26 -0800 (PST)
Received: from ( []) by with ESMTPSA id b2sm7286007pfd.24.2016. (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 10 Feb 2016 13:21:22 -0800 (PST)
Sender: Phillip Hallam-Baker <>
Date: Wed, 10 Feb 2016 21:21:21 +0000 (UTC)
From: Phillip Hallam-Baker <>
To: <>, Doug Royer <>
Message-ID: <>
In-Reply-To: <>
References: <emc9b882a7-c562-43e8-9f49-588d8de9d20b@sydney> <> <>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_7313_1813955423.1455139281663"
X-Mailer: Outlook for iOS and Android
Archived-At: <>
Subject: Re: [apps-discuss] Mail client configuration via WebFinger
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: General discussion of application-layer protocols <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 10 Feb 2016 21:21:29 -0000

OK, so being offline most of today and about to get on the plane. I see two separate requirements
1) Email service discovery2) Email account config
The first I think should be dealt with using the SRV plus prefixed TXT record pattern that is already established for the purpose in IETF.
The issue here is that we need more than just discovery of the IP address of a host that can serve us. The existing spec is fine for setting the inbound and outbound hosts. But it doesn't have the TLS information I would want. [And no, I do not want to use a DANE hack for reasons I have set out at length in the past.]
One of the security holes in the current email config is that we have a lot of SMTP auto protocols, only some of which are widely supported only some of which have code points registered and all of which are vulnerable to downgrade attacks. It is an ugly mess that I don't plan to propose a fix for right now. But what I do want to do is to define a clean interface to the existing mess.

Email account config is more than just service discovery. I want to be able to configure keys for Endy-mail which at minimum includes S/MIME and OpenPGP and possibly a future S/PGP. So when Alice is using her email client from her laptop and her phone and her tablet, she needs all of them to be automatically provisioned with the necessary keys.
That is what I mean by account configuration and that is what the Mathematical Mesh was originally designed to address. Late in the implementation, I realized that I could also just configure the email account network settings. But that is supplemental to, not a replacement for SRV+TXT config.
The reason for this is that the Mesh profile manager has to find configuration info from somewhere. Right now it will pull them out of a configured email app. But I would also like to be able for the profile manager to pull that info directly. 

Looking at this, I don't see WebFinger as being the answer to either part. We have an IETF architecture for Service discovery, it uses SRV + TXT and there is a quite comprehensive documentation of that in RFCs. I did try to work out if I could use WebFinger for the same uses as I support in the Mesh and I don't think it helps. 
So very committed to helping solve this. I don't think WebFinger is the approach to use.

Sent from Outlook Mobile

On Tue, Feb 9, 2016 at 1:39 PM -0800, "Doug Royer" <> wrote:

Maybe the there are two separate issues.

 - How to containerize and standardize passing of configuration
information from service provider to consumer. Maybe a MIME type with
sub-registration of protocol (email, calendar, VOIP, ...), and mandating
it be sent encrypted.

 - How to transport that information across whatever transport is
available. SRV record to MIME blob URL, sent in email, HTTP/FTP
download, ...


Doug Royer - (http://DougRoyer.US)