Re: [apps-discuss] Mail client configuration via WebFinger

Dave Cridland <dave@cridland.net> Mon, 08 February 2016 08:16 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/apps-discuss/sesXKfn6htoSJCrTEFMwtwTnXqw>

On 8 February 2016 at 03:00, John Levine <johnl@taugh.com> wrote:

> >Paul, I wonder whether it is time to revisit ACAP.
>
> I see your point, but I think the answer is no.  The only ACAP
> implementation I can find is one that Dave Cridland put on github in
> 2014, with a note saying it's work he did a decade earlier and it was
> extremely difficult to implement.


There are also two CMU implementations, one in OCaml I think, and the other
in C++. The former one works, but has issues; the latter one never did I
think. I like to describe my implementation as the first working one.

FWIW, much of the difficulty in implementation was my lack of experience in
implementing publish/subscribe systems; I saw ACAP at the time as a kind of
hierarchical database with these weird CONTEXT things; these days I think
I'd implement it as a pub-sub system with a search function and probably
get along better.

In any case, ACAP has serious shortcomings - none of which are based on its
syntax or essential capability.

The primary issue is that the user on-boarding path has to start with an
ACAP username and hostname. This derails everything else.


> There might be one in the
> commercial Communigate MTA which wouldn't surprise me because Mr.
> Communigate is the kind of guy who implements everything just to be
> complete, but if it exists, it's proprietary.  I don't see any ACAP
> client libraries other than one that looks like an abandoned Java
> implementation from 2007.
>

The Communigate server is very limited in various interesting ways.

As for libraries, I wrote one (and an entire MUA) in Python some time back.


>
> >> The idea is basically this:
> >>   * User enters paulej@example.com into the email client and email password
> >>   * Email client queries
> >>     https://example.com/.well-known/webfinger?resource=acct%3Apaulej%40example.com
>
> Looking at the success of RDAP, it seems to be a good idea to put
> together pieces that people already have implemented.  RDAP is easy
> because we already have https query libraries and JSON decoding
> libraries, and I'd say this would be too.
>
> For this application, I'd put in an extra level of indirection with an
> SRV or URI lookup, since many (most?) domains have their mail servers
> far away from the web servers, and the SRV or URI would give you some
> confidence that the server you were talking to would understand the
> question you were asking.
>
> I think the security issues are manageable.  An https request with
> some sort of verification of the server certificate is more secure
> than what nearly all MUAs do to verify their imap and pop servers now.
>
> R's,
> John
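
The WebFinger query quoted in this thread, as an added example that is not part of any message above: it builds the query URL from the typed address and filters a JRD response before a client would act on it. The link relation `https://example.org/rel/mail-config`, the strict subject match and the https-only rule are assumptions made for illustration; the thread does not specify them.

```python
import json
from urllib.parse import quote, urlsplit

# Hypothetical link relation: the thread does not name the one the proposal uses.
MAIL_CONFIG_REL = "https://example.org/rel/mail-config"


def webfinger_url(address):
    """Build the WebFinger (RFC 7033) query URL for an e-mail address."""
    local, sep, domain = address.rpartition("@")
    if not (sep and local and domain):
        raise ValueError("not a user@domain address")
    # The host must be exactly the typed domain: no port, path or query smuggled in.
    if urlsplit("https://" + domain).hostname != domain.lower():
        raise ValueError("domain part is not a bare host name")
    resource = quote("acct:" + address, safe="")
    return "https://%s/.well-known/webfinger?resource=%s" % (domain.lower(), resource)


def mail_config_links(jrd_text, address):
    """Return the https config links from a JRD, after checking it is about `address`."""
    jrd = json.loads(jrd_text)
    # Assumption: strict policy, the answer must describe the account that was asked about.
    if jrd.get("subject") != "acct:" + address:
        raise ValueError("JRD subject does not match the queried account")
    links = []
    for link in jrd.get("links", []):
        href = link.get("href", "")
        # Assumption: configuration is only followed over https, never cleartext.
        if link.get("rel") == MAIL_CONFIG_REL and urlsplit(href).scheme == "https":
            links.append(href)
    return links


# Constructed sample response (not captured from a real server).
SAMPLE_JRD = json.dumps({
    "subject": "acct:paulej@example.com",
    "links": [
        {"rel": MAIL_CONFIG_REL, "href": "https://mail.example.com/config/paulej"},
        {"rel": MAIL_CONFIG_REL, "href": "http://mail.example.com/config/paulej"},
        {"rel": "http://webfinger.net/rel/profile-page", "href": "https://example.com/~paulej"},
    ],
})

if __name__ == "__main__":
    print(webfinger_url("paulej@example.com"))
    print(mail_config_links(SAMPLE_JRD, "paulej@example.com"))
```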