Re: [art] Auto-configuring Email Clients via WebFinger

["Paul E. Jones" <paulej@packetizer.com>]

John,

Other than Thunderbird, what clients support Mozilla's procedures?

I really don't care about any existing proprietary solutions out there, 
as they're clearly doing me no good at all.

I'd prefer we define something simple that people will adopt.  WebFinger 
is just an HTTP query, but if we wanted to have a different HTTP query, 
that's fine.  I just think we need to document something in an RFC, else 
nothing will ever get universally adopted.

Paul

------ Original Message ------
From: "John R Levine" <johnl@taugh.com>
To: "Paul E. Jones" <paulej@packetizer.com>
Cc: "John Levine" <johnl@taugh.com>; art@ietf.org
Sent: 7/16/2019 3:31:34 PM
Subject: Re: [art] Auto-configuring Email Clients via WebFinger

>>The scheme you show is very similar to the WebFinger proposal.
>
>Yes, I realize that.  But my point is that the scheme I show actually exists, whereas webfinger in MUAs does not.
>
>>Another thing to consider is migration.  When a service provider needs to move a bunch of users from one server cluster to another, would it make more sense to write configs into the customer's /autoconfig/ directories or update config files they maintain separately?
>
>Neither, I'd say.  Any provider big enough for that to be a problem should be able to generate the config files on the fly from their main database as requested.  I presume you know that slashes in a URL need not have any connection to a file system on a server.
>
>>Given the push-back I got about XML back then, too, it's probably best this is in JSON format (though, again, I have no strong preference).
>
>I don't care either, except that the MUA code that exists now uses XML.
>
>R's,
>John
>
>>>More concretely, it seems to me that it would be better to make this a
>>>profile of the existing autoconfigure scheme, which some MUAs
>>>implement, rather than webfinger, which no MUAs implement.
>>>
>>>The Mozilla design (over-design, really) looks up the configuration
>>>for alice@example.com at
>>>https://example.com/.well-known/autoconfig/mail/config-v1.1.xml or
>>>https://autoconfig.example.com/mail/config-v1.1.xml?emailaddress=alice@example.com
>>>
>>>On the theory that web servers generally ignore GET parameters that they don't understand, we can look up
>>>
>>>https://example.com/.well-known/autoconfig/mail/config-v1.1.xml?emailaddress=alice@example.dom&password=swordfish
>>>
>>>and it returns Alice's mail setup, possibly ignoring the address and password and returning a common
>>>setup for all the mailboxes at example.com.  The password makes it harder for people who aren't
>>>Alice to snoop on her mail setup.
>>>
>>>This doesn't give you the extra Personal/Business level of
>>>indirection, but I have no idea what it would mean to have two
>>>different mail configurations for the same e-mail address.  I have
>>>personal and business mail addresses, but they're different addresses
>>>which I presumably know and configure either or both as needed.