Re: [art] Auto-configuring Email Clients via WebFinger
"Paul E. Jones" <paulej@packetizer.com> Tue, 16 July 2019 17:06 UTC
From: "Paul E. Jones" <paulej@packetizer.com>
To: John Levine <johnl@taugh.com>, art@ietf.org
Date: Tue, 16 Jul 2019 17:06:29 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/art/DVn04zzMbgYZ2jT2RGE3ZF1VOhk>

John,

The scheme you show is very similar to the WebFinger proposal. Essentially, the client queries a well-known address and is given a JSON document inside of which is the URL of the config file. That config could easily be put into the initial query, but folks did not want to do that back then. I do have an old example of how to do that, though, but it's not in this draft (since security concerns were expressed back then).

Another thing to consider is migration. When a service provider needs to move a bunch of users from one server cluster to another, would it make more sense to write configs into the customer's /autoconfig/ directories or update config files they maintain separately?

Given the push-back I got about XML back then, too, it's probably best this is in JSON format (though, again, I have no strong preference).

I think a standard needs to exist so that client developers can adhere to something and I think it's unfortunate all we have are vendor-specific solutions. Do others agree? Or am I one of the few who has this frustration? I suspect I'm not. :)

Paul

------ Original Message ------
From: "John Levine" <johnl@taugh.com>
To: art@ietf.org
Cc: paulej@packetizer.com
Sent: 7/16/2019 1:05:06 AM
Subject: Re: [art] Auto-configuring Email Clients via WebFinger

>In article <em20c214d4-507e-4859-99fc-460e3919ac55@sydney> you write:
>>I have no strong preference for how we solve the problem, but I think we
>>need a standard for this. I also think we should take into
>>consideration the privacy concerns that were raised when I first talked
>>in context of WebFinger several years ago. Specifically, people wanted
>>a way to ensure access to the config file was protected. (I do not
>>recall now why people wanted to keep that private, but they did and were
>>insistent on it.)
>
>Probably to make it harder to enumerate e-mail addresses. I don't have much
>sympathy for that argument, since bad guys already have more addresses to
>spam than they know what to do with, but it's not a big deal.
>
>More concretely, it seems to me that it would be better to make this a
>profile of the existing autoconfigure scheme, which some MUAs
>implement, rather than webfinger, which no MUAs implement.
>
>The Mozilla design (over-design, really) looks up the configuration
>for alice@example.com at
>https://example.com/.well-known/autoconfig/mail/config-v1.1.xml or
>https://autoconfig.example.com/mail/config-v1.1.xml?emailaddress=alice@example.com
>
>On the theory that web servers generally ignore GET parameters that they don't
>understand, we can look up
>
>https://example.com/.well-known/autoconfig/mail/config-v1.1.xml?emailaddress=alice@example.dom&password=swordfish
>
>and it returns Alice's mail setup, possibly ignoring the address and password and returning a common
>setup for all the mailboxes at example.com. The password makes it harder for people who aren't
>Alice to snoop on her mail setup.
>
>This doesn't give you the extra Personal/Business level of
>indirection, but I have no idea what it would mean to have two
>different mail configurations for the same e-mail address. I have
>personal and business mail addresses, but they're different addresses
>which I presumably know and configure either or both as needed.
>
>R's,
>John
>
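
The two lookups discussed in this message, as an added example that is not part of the original e-mails or of the draft: it builds the autoconfig URLs John quotes and the WebFinger query, then pulls the config URL out of the returned JSON document. The link relation `CONFIG_REL`, the sample JRD and the subject-match and https-only policy are assumptions of this example; `redact_for_log` masks the `password` parameter of the GET variant before the URL is written to a log.

```python
import json
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Hypothetical link relation: the thread does not name the draft's actual value.
CONFIG_REL = "https://example.org/rel/email-config"

# Constructed sample JRD (RFC 7033 shape); the http:// link must be rejected.
SAMPLE_JRD = json.dumps({"subject": "acct:alice@example.com", "links": [
    {"rel": "http://webfinger.net/rel/profile-page", "href": "https://example.com/~alice"},
    {"rel": CONFIG_REL, "href": "http://config.example.com/alice.json"},
    {"rel": CONFIG_REL, "href": "https://config.example.com/alice.json"}]})

def domain_of(addr):
    local, sep, domain = addr.rpartition("@")
    if not (local and sep and domain):
        raise ValueError(f"not an e-mail address: {addr!r}")
    return domain.lower()

def autoconfig_urls(addr):
    """The two Mozilla-style lookup locations quoted in the message."""
    d = domain_of(addr)
    return [f"https://{d}/.well-known/autoconfig/mail/config-v1.1.xml",
            f"https://autoconfig.{d}/mail/config-v1.1.xml?"
            + urlencode({"emailaddress": addr})]

def webfinger_url(addr):
    """RFC 7033 query for the account, filtered to the config relation."""
    query = urlencode({"resource": "acct:" + addr, "rel": CONFIG_REL})
    return f"https://{domain_of(addr)}/.well-known/webfinger?{query}"

def config_url_from_jrd(jrd_text, addr):
    """Config URL from a JRD, or None. Requiring a matching subject and an
    https href is this example's policy, not something the thread specifies."""
    jrd = json.loads(jrd_text)
    if jrd.get("subject") != "acct:" + addr:
        return None
    for link in jrd.get("links", []):
        href = link.get("href", "")
        if link.get("rel") == CONFIG_REL and urlsplit(href).scheme == "https":
            return href
    return None

def redact_for_log(url, secret_params=("password",)):
    """Mask secret query parameters before a URL is logged."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k in secret_params else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))
```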