Re: [art] Auto-configuring Email Clients via WebFinger
Dave Cridland <dave@cridland.net> Thu, 25 July 2019 08:29 UTC
Return-Path: <dave@cridland.net>
X-Original-To: art@ietfa.amsl.com
Delivered-To: art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6A0901200C5 for <art@ietfa.amsl.com>; Thu, 25 Jul 2019 01:29:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cridland.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iQRTmcZGmWHJ for <art@ietfa.amsl.com>; Thu, 25 Jul 2019 01:29:09 -0700 (PDT)
Received: from mail-ed1-x531.google.com (mail-ed1-x531.google.com [IPv6:2a00:1450:4864:20::531]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C0025120460 for <art@ietf.org>; Thu, 25 Jul 2019 01:29:08 -0700 (PDT)
Received: by mail-ed1-x531.google.com with SMTP id s49so14619387edb.1 for <art@ietf.org>; Thu, 25 Jul 2019 01:29:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cridland.net; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=RDzGTE7UM4XFD0OAaDmeiVee+Q2dC/ktyGRlPZJfGpk=; b=LyCcKLtSvcvKyr+lSACEwFNkFl+Myf9vzZrp9/Lvj1K/X/Y9tnuEqSQV4w/9swfrtd B6ldU3K9CA4HKMTkH/VnaQEdvptPCcN5Gax9yvqZFU5HT0hSN7JT8toTWroM8exdqZa+ VH26ffg3PvAFgt50xrXf8qu1F0VjmO5h1YVoQ=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=RDzGTE7UM4XFD0OAaDmeiVee+Q2dC/ktyGRlPZJfGpk=; b=SDqJAoa46hdMtoAtNYo6vJMHmJi9YAdbpKXS35hYhwprE+kemofycrF+hlFe+XDWAX E4/96UidLWnoUZkhTy623WprwyerE701M9Kqy+zPg1GunodSYFS8VHOr3WI5jGyttr/Z tDSzJOYpksIGPcj/nbcbAEuTkmGyMDrdipO+d7vLKcP1RGTFbR80ufYbUm/Z3q/Yvw9r IKDMfpTiyOoqOApXLEbH2uXaquxv5cWpHZo5MwYPtdItqaa7CNyycgjxSP/ffnE3NFiH hOraEy/YNdOq2MLISycpIyAOFLlDUIIGrwk/cX2O6W4YZZH+vU1Ei56/mjXM+4ERfUzK rj6A==
X-Gm-Message-State: APjAAAUwoeB+JA1cA4H42MXlf0/C3eMZvzzaxQ9QM/IgEQx8I1FcSPak UZz6imGxCQBpYjY1iXpYCq7Y22YhFXXXzmRKL1XIsrQHd8A=
X-Google-Smtp-Source: APXvYqwfpAbUZn7DNDAv7Cpd2gz2M7lILVrbpqqilQbf7uIxBo4Enaw0jryndB+YwdIsLsof+dbIclu5GDn1gNXoaMs=
X-Received: by 2002:a17:906:b243:: with SMTP id ce3mr65648237ejb.176.1564043347198; Thu, 25 Jul 2019 01:29:07 -0700 (PDT)
MIME-Version: 1.0
References: <CAKHUCzzS+k_DUwaBcvTH_68G4JS_6UHA=b6Ak49HuPVgta6zwg@mail.gmail.com> <20190720050445.925A852550A@ary.qy> <CAKHUCzwxTYbtV8vYyyzRtF_XfcX8KmfaSRjX3tsc1ZY_0eBR3g@mail.gmail.com> <alpine.BSF.2.21.9999.1907231225350.69540@gal.iecc.com> <CAKHUCzya4dZ5sdTxYvcC4n4Guo_AKU7E42iGC2vq05tUwZw38Q@mail.gmail.com> <emcdd0350d-c74e-4e88-9c5d-aa68b4128984@sydney>
In-Reply-To: <emcdd0350d-c74e-4e88-9c5d-aa68b4128984@sydney>
From: Dave Cridland <dave@cridland.net>
Date: Thu, 25 Jul 2019 09:28:56 +0100
Message-ID: <CAKHUCzzuTaOscFjPCJz3oR_whUVdEnhpKBwsffKB5jX5yGDEdw@mail.gmail.com>
To: "Paul E. Jones" <paulej@packetizer.com>
Cc: John R Levine <johnl@taugh.com>, "General Area Review Team (gen-art@ietf.org)" <art@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000001f985c058e7d386c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/art/pY6fNCwcKcrL62LgMOX25mmqYtI>
Subject: Re: [art] Auto-configuring Email Clients via WebFinger
X-BeenThere: art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications and Real-Time Area Discussion <art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/art>, <mailto:art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/art/>
List-Post: <mailto:art@ietf.org>
List-Help: <mailto:art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/art>, <mailto:art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Jul 2019 08:29:13 -0000
On Thu, 25 Jul 2019 at 05:09, Paul E. Jones <paulej@packetizer.com> wrote: > Dave, > > We could bake that functionality into the autoconfig fomat, of course, but > it feels like refreshing the config can happen at a different cadence to a > SRV lookup, and besides, SRV works well. > > > It works well for the simplest use case, but SRV records are really > limited. I can name a three things SRV records cannot do today that are > effectively render it useless for me: > > 1) It cannot tell the MUA the login ID to use (which may or may not be the > email address) [or what credential mechanism to use] > > 2) It cannot specify (if I recall) that TLS must be used per corporate > policy [this is important since both IMAP and mail submission generally > offer STARTTLS as an option] > > 3) It doesn't allow specifying different servers for different users > > And to re-iterate, I'm not suggesting we should forgo any kind of autoconfiguration format in favour of SRV; I'm suggesting that having the autoconfiguration format specify servers in the form of SRV would be useful. That said, (2) is irrelevant on two counts : a) You can use `imaps` SRV records just fine. They're published for gmail.com, go have a look. b) You can require TLS via STARTTLS within the protocols, and you'd have to anyway, irrespective of what any autoconfiguration stipulated. Would you consider stipulating a policy in an autoconfiguration file but not enforce it in the services? I shall now reiterate the arguments in favour of using SRV in this way, because it seems I've not be clear enough. First, some background: I have written both email servers and an MUA, and for the latter, I wrote a complete ACAP server to support autoconfiguration. ACAP is effectively dead, but the experience has left me with some practical experience of how to write autoconfiguration support in an MUA, and - more importantly - some idea of how one might retrofit that support into an existing MUA. The fact is that existing MUAs often have plenty of support for an autoconfiguration step, but it exists during setup. So you can easily specify authentication identifiers and so on at this point, but if the autoconfiguration source changes, you're out of luck. This is unsurprising, since with IMAP at least, a decent MUA has to do quite substantial effort on first connect anyway in order to make decisions on the remote server's mailbox layout. It might change with JMAP, but all existing MUAs are currently IMAP-based, so in order to gain market traction, we need to aim for this "auto setup" model. The UX we're expecting is that, during Setup and "Add New Account", the user enters an email address, and specifies credentials, and they're done - the MUA will then autoconfigure the new account. There's lots of useful information that can be sourced here from an autoconfiguration service. Does the service support subaddressing? Is the authentication for the submission service the same as the authentication for the IMAP service (so, can I share credentials?). All of this is useful and vital information, and I'm not going to advocate scrapping it (instead, though, please do look at the ACAP dataset definitions for some thoughts and ideas - Randy Gellens put a lot of good work into those). During connection, there is more discovery. This includes locating the hosts via DNS, discovering what TLS support is available, discovering what authentication mechanisms are supported, and so on. There are pages of RFCs already in existence for how these different processes work, and much of it we - in the app layer - don't care about, because it's taken care of by DNS libraries, TLS libraries, and SASL. However, this second phase is routinely done - sometimes from scratch - every time a connection is made. It's here I'm suggesting that existing clients could easily be made to use SRV (with A/AAA fallback), and gain some useful resilience, since this resolution occurs on every connection, and not just on service configuration. Thanks to a lot of time spent in the XMPP space (where most clients fully autoconfigure off the Jid), I'm familiar with the benefits of SRV, and how easy or hard it is to do on most platforms (these days, very easy, and with added DNSSEC, DTLS, and/or DOH). There's also final part of discovery for an MUA. Here, after connection and authentication, an MUA looks at server layout, features, and so on. It will examine the mailbox layout. Is there a specific Drafts folder? What does NAMESPACE return? Is BURL supported on the submission server? While these are all, in principle, subject to change, doing so will deeply confuse many MUAs, so it's best to consider these a one-off setup. It is, I think, this that means that the pragmatic aim for this is to assume that whatever we choose to design, the protocol will mostly be used for "auto setup", and not a more continuous "auto configuration". Perhaps something else is the forcing factor though - in any event, auto configuration sources are used as one-off procedures during setup and not on as a part of connection, startup, etc. I hope this is clearer. Dave.
- [art] Auto-configuring Email Clients via WebFinger Paul E. Jones
- Re: [art] Auto-configuring Email Clients via WebF… John Levine
- Re: [art] Auto-configuring Email Clients via WebF… Paul E. Jones
- Re: [art] Auto-configuring Email Clients via WebF… John Levine
- Re: [art] Auto-configuring Email Clients via WebF… Bron Gondwana
- Re: [art] Auto-configuring Email Clients via WebF… Paul E. Jones
- Re: [art] Auto-configuring Email Clients via WebF… Paul E. Jones
- Re: [art] Auto-configuring Email Clients via WebF… Larry Masinter
- Re: [art] Auto-configuring Email Clients via WebF… John R Levine
- Re: [art] Auto-configuring Email Clients via WebF… Arnt Gulbrandsen
- Re: [art] Auto-configuring Email Clients via WebF… Paul E. Jones
- Re: [art] Auto-configuring Email Clients via WebF… John R Levine
- Re: [art] Auto-configuring Email Clients via WebF… John Levine
- Re: [art] Auto-configuring Email Clients via WebF… Austin Wright
- Re: [art] Auto-configuring Email Clients via WebF… John Levine
- Re: [art] Auto-configuring Email Clients via WebF… Steffen Nurpmeso
- Re: [art] Auto-configuring Email Clients via WebF… Paul E. Jones
- Re: [art] Auto-configuring Email Clients via WebF… John R Levine
- Re: [art] Auto-configuring Email Clients via WebF… John Levine
- Re: [art] Auto-configuring Email Clients via WebF… Arnt Gulbrandsen
- Re: [art] Auto-configuring Email Clients via WebF… Dave Cridland
- Re: [art] Auto-configuring Email Clients via WebF… Paul E. Jones
- Re: [art] Auto-configuring Email Clients via WebF… Paul E. Jones
- Re: [art] Auto-configuring Email Clients via WebF… Phillip Hallam-Baker
- Re: [art] Auto-configuring Email Clients via WebF… John R Levine
- Re: [art] Auto-configuring Email Clients via WebF… Steffen Nurpmeso
- Re: [art] Auto-configuring Email Clients via WebF… Steffen Nurpmeso
- Re: [art] Auto-configuring Email Clients via WebF… Marten Gajda
- Re: [art] Auto-configuring Email Clients via WebF… Paul E. Jones
- Re: [art] Auto-configuring Email Clients via WebF… Paul E. Jones
- Re: [art] Auto-configuring Email Clients via WebF… John R Levine
- Re: [art] Auto-configuring Email Clients via WebF… Marten Gajda
- Re: [art] Auto-configuring Email Clients via WebF… Dave Cridland
- Re: [art] Auto-configuring Email Clients via WebF… Dave Cridland
- Re: [art] Auto-configuring Email Clients via WebF… Steffen Nurpmeso
- Re: [art] Auto-configuring Email Clients via WebF… John Levine
- Re: [art] Auto-configuring Email Clients via WebF… Marten Gajda
- Re: [art] Auto-configuring Email Clients via WebF… Dave Cridland
- Re: [art] Auto-configuring Email Clients via WebF… John R Levine
- Re: [art] Auto-configuring Email Clients via WebF… Dave Cridland
- Re: [art] Auto-configuring Email Clients via WebF… John Levine
- Re: [art] Auto-configuring Email Clients via WebF… Steffen Nurpmeso
- Re: [art] Auto-configuring Email Clients via WebF… Marten Gajda
- Re: [art] Auto-configuring Email Clients via WebF… Paul E. Jones
- Re: [art] Auto-configuring Email Clients via WebF… John Levine
- Re: [art] Auto-configuring Email Clients via WebF… Dave Cridland
- Re: [art] Auto-configuring Email Clients via WebF… Steffen Nurpmeso
- Re: [art] Auto-configuring Email Clients via WebF… John Levine