Re: [art] Auto-configuring Email Clients via WebFinger
Marten Gajda <marten@dmfs.org> Mon, 22 July 2019 22:29 UTC
Return-Path: <marten@dmfs.org>
X-Original-To: art@ietfa.amsl.com
Delivered-To: art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 533F9120094 for <art@ietfa.amsl.com>; Mon, 22 Jul 2019 15:29:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=dmfs.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6qBMcHH03mmQ for <art@ietfa.amsl.com>; Mon, 22 Jul 2019 15:29:36 -0700 (PDT)
Received: from mailrelay2-1.pub.mailoutpod1-cph3.one.com (mailrelay2-1.pub.mailoutpod1-cph3.one.com [46.30.210.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0C44C1200BA for <art@ietf.org>; Mon, 22 Jul 2019 15:29:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dmfs.org; s=20140924; h=content-transfer-encoding:content-type:in-reply-to:mime-version:date: message-id:from:references:to:subject:from; bh=o3XlY+2O6EiHRjdzMrp1911OrccjvwD/8ETkfdpEQs0=; b=n3+S/yNRzGtEMwwJ61Gbpr/j4jP3i+eVzxPp02iN7hs6a4rlVgVEd+c3P8X03/0CfLacKgNTxSoqv uXkFcUMwRd8FbjyDKfPdAhDd3Us3F3/cXwjYumsZN6K7jHwCWi7/KxH8xzpOfkP1G56BeDzH8sFGqf pZsCHrXxR60MtBzE=
X-HalOne-Cookie: cba0d2f8371289fb32fa90790008c02b4b1a74cf
X-HalOne-ID: 2d324a50-acd0-11e9-b9fd-d0431ea8a290
Received: from smtp.dmfs.org (unknown [79.254.14.231]) by mailrelay2.pub.mailoutpod1-cph3.one.com (Halon) with ESMTPSA id 2d324a50-acd0-11e9-b9fd-d0431ea8a290; Mon, 22 Jul 2019 22:29:32 +0000 (UTC)
Received: from boss.localdomain (p2E50E39C.dip0.t-ipconnect.de [46.80.227.156]) by smtp.dmfs.org (Postfix) with ESMTPSA id 25A3F1F4 for <art@ietf.org>; Tue, 23 Jul 2019 00:29:32 +0200 (CEST)
To: "art@ietf.org" <art@ietf.org>
References: <eme8317959-26f9-4a9d-b2be-d2f8cb0961f6@sydney> <1b042605-4b3a-40b7-a792-2390c924282f@www.fastmail.com> <cdc61ea9-0607-e5e9-8af8-6ac488f5e56b@dmfs.org> <20190719133320.aPmih%steffen@sdaoden.eu>
From: Marten Gajda <marten@dmfs.org>
Message-ID: <bda8ce9d-5ac7-c943-cff5-5378affc33cd@dmfs.org>
Date: Tue, 23 Jul 2019 00:29:29 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
MIME-Version: 1.0
In-Reply-To: <20190719133320.aPmih%steffen@sdaoden.eu>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/art/pneh3yMqw7TEnKi0F02xFwkV44Y>
Subject: Re: [art] Auto-configuring Email Clients via WebFinger
X-BeenThere: art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications and Real-Time Area Discussion <art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/art>, <mailto:art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/art/>
List-Post: <mailto:art@ietf.org>
List-Help: <mailto:art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/art>, <mailto:art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Jul 2019 22:29:39 -0000
Am 19.07.19 um 15:33 schrieb Steffen Nurpmeso: > Marten Gajda wrote in <cdc61ea9-0607-e5e9-8af8-6ac488f5e56b@dmfs.org>: > |As a client developer, I want to provide a smooth UX to our users. \ > |This means I need much more information than just a server URL. > > You want to present them a barcode that they can scan with their > smart phone and which is made available via some local registry to > any interested application (via some kind of IPC, say DBUS), then. Sure, but that provisioning part, which also contains user specific data (e.g. account name or maybe even credentials), should be a separate standard. Also, you don't want to share account data with "any interested application". I'd prefer if the setup component checks the system (and optionally the app store or software repository) for applications which can handle the protocols in the service configuration document and asks the user for which ones to provision with the configuration and access tokens > |For instance, I also want to > | > |* present the name or logo of the provider which hosts the user's account, \ > |ideally before they enter their credentials, > > You made a contract with a provider, and it has given you > credentials to use. The provider has an IP address, and you have > submissions, pop3s and imaps access. On the web site's welcome page > the services URLs were noted. (Let's say imap.XY.Z.) So? The idea behind an auto-configuration or service-discovery is to avoid having to type any URLs into client applications. Also I'd expect the client to rerun the discovery every now and then (for instance when the cache expired) and pick up configuration changes (like newly supported services). > > |* provide links to support channels, reset password pages, account \ > |management, > > Ha! If it were that easy to find these pages on the web site of > your provider!! Shiny happy people there will be, i bet. I'm not sure how to understand this statement. If you suggest that some service providers deliberately "hide" password reset and settings pages to present more ads to the user and they wouldn't be interested in providing these shortcuts, you may be right. But many providers still value usability and user experience, not to mention all the other non-freemail providers and use cases (like corporate services). Maybe you just have the wrong provider. If that's not what you suggest, please be more specific. > > |* know the OAuth endpoints, if available, > |* know the OpenID Connect endpoints, so I can register my OAuth client \ > |dynamically, > |* know the OAuth scope tokens I need in order to access a service, > > I personally have problems with OAuth. Not because of the > standard group split, but mostly because you have to go over > dedicated web sites (likely), granted, today without advertising. > You can also go over onion to avoid IP-based location tracking > (maybe, still), i develop fears this may not legally be possible > anymore in a not too distant future. (I do not use onion.) > > It would be nicer to have a client certificate (with password, > possibly), that can be very easily refreshed/replaced, maybe as > part of normal TLS payload, through whatever protocol i am > currently connected to my provider, may it be SMTPS, IMAPS, POP3S, > (HTTPS). With a master account key. And the possibility to > revoke the old client certificate and refetch a new one simply by > establishing a normal TLS session followed by a normal login with > that key. You can diverse that and use diverse client id, client > secret and an access token. > > I just have implemented OAUTHBEARER for my MUA's SMTP, POP3 and > IMAP parts. While testing i needed the refresh token once an > hour, and the client id, and the client secret. So, once an hour, > i need to load/decrypt the file which stores that triple. It does > not contain the account's master password, this is true. > When i close the lid of my notebook i am protected, because the > encrypted filesystem will then be automatically unmounted, but > different to kdestroy(1) -A the token is still valid for some > time. You're off-topic. Anyway, you're welcome to propose a new standard and I'd be happy to implement it once its ratified. For now OAuth2 is one of the better options we have in terms of privacy and security. In general, a service configuration protocol certainly should be agnostic to how authentication is performed by the services. However, if the authentication method requires the knowledge of certain endpoints they should be provided in that document. > |* know which endpoints serve the same data via different protocols, > |* know *all* the available services (not just the ones I know about), \ > |so I can suggest other clients which may be useful. > > Wow. A different scenario. You are the employee of a company and > have been sent via airplane (which i would refuse to do, since > airplanes are killers) to a different state/country, to another > subsidiary of the company. You are expected to login via their > local net. (I would wonder why they do not use some kind of > company VPN, and if it is as simplicistic as via tinc. But ok, > i have no idea for one, and second the requirement to go over > a local subdomain i could still imagine.) Not sure what you're talking about. > > This points us back to the first paragraph. Or the second. > What is wrong with having the corresponding (A,AAAA,MX,SRV etc.) > DNS entries for state1.company.xy and state2.company.xy? > Add some more for logos (if not yet existing) or whatever. For starters, not all Frameworks allow you to resolve anything but A(AAA) records. On Java (and Android for that matter) it's not so trivial to lookup MX or SRV records or even the current DNS server address. A simple GET request to a well-known address, on the other hand, is barely an issue. There may be use cases in which it may not be possible or reasonable to set up a webserver just to provide that document, for instance when a service only provides email. In these cases we could offer a fallback mechanism which allows a client to retrieve the document from another location, for instance by providing an SRV record which points to the location of the service configuration document. Other fallbacks may be possible as well, but .well-known would definitely preferred. > There is also that WWW paradigm of having a favicon.ico in the > root of your web presence, it will be fetched up automatically by > browsers, why can't you? That's exactly what I'm proposing, allowing clients to get the configuration for all services offered by a provider with a single GET request to a well-known address (e.g. `/.well-known/services`). Imagine the favicon.ico location would have to be retrieved by looking up the "favicon" SRV record. > You need to have A/AAAA for the web presence in the DNS, why can't > you have MX / SRV for the other non-HTTPS services, too? What's your point? You also need A/AAAA records for the non-HTTPS services? You're comparing Apples and Oranges. DNS is not suitable to provide that kind of structured information. One of the reasons is that you only get information that you've explicitly asked for, so you'd have to request every single bit of information that you can use, without even knowing whether it exists. > You want personalization on a per-user level, and you do not > control your DNS zone, and you do not want to spend a little bit > of money to get your own little DNS zone? You would spawn a DNS > server on your box to overcome this, but getaddrinfo(3) does not > allow specifying which DNS server is to be asked? Aha! Yes, that > is a problem. You want to furtherly enforce decentralisation by > moving responsibility away from the controlled and otherwise > constrained DNS to anyway running "private" HTTP servers. (A > company could still have a VPN to overcome this, me thinks.) > > If it is because DNS is controlled and constrained then following > the pigeon RFC there should possibly be an albatross RFC. So that > slow people like me understand the issue, finally. There is > mischief! There is mischief! I see more robots passing by that > collect all the information stored in .well-known. That's one more point for .well-known, if you ask me. Unless you have your own private DNS server, all the SRV records are publicly available. A service configuration document under .well-known can easily be protected with authentication. IMO you should be able to retrieve a redacted version of the document without authentication which just gives enough information to know who you're talking to and how to authenticate to get more info (e.g. by providing OAuth2 endpoints). There is no need to disclose more information to unauthenticated users than you'd disclose by setting up SRV records. Hosting your own DNS zone comes at a price as you've just noted above. You'll have higher efforts to maintain the server and you'll have to make sure your client application uses the correct DNS server. So you'll most likely have to enter it manually somewhere. This sort of defeats the purpose of an automated service configuration. In many cases a simple service configuration document can be hosted statically. In other cases your server software (e.g. your Groupware) could handle that for you. Maintaining DNS is not so easy and while TLS encryption is almost trivial to set up these days (e.g. using letsencrypt), DNSSEC is not that common yet (https://stats.labs.apnic.net/dnssec). > I see people > getting bombed because of information stored under .well-known, > for nothing, who could they ask instead of a lawyer in that case? Again, you can protect sensitive, non-public information with authentication when using a .well-known resource. In addition a simple document wouldn't have to contain much more information than you're proposing to publish via DNS to the world. > | > |The attached example shows how a document might look like as per the \ > |current status. > > The draft[1] contains examples. > > [1] https://tools.ietf.org/html/draft-jones-webfinger-email-autoconfig-00 Yes, but my example doesn't use WebFinger and addresses a few other issues. Have you actually seen it? Cheers, Marten > > --steffen > | > |Der Kragenbaer, The moon bear, > |der holt sich munter he cheerfully and one by one > |einen nach dem anderen runter wa.ks himself off > |(By Robert Gernhardt) -- Marten Gajda CEO dmfs GmbH Schandauer Straße 34 01309 Dresden GERMANY phone: +49 177 4427167 email: marten@dmfs.org Managing Director: Marten Gajda Registered address: Dresden Registered No.: AG Dresden HRB 34881 VAT Reg. No.: DE303248743
- [art] Auto-configuring Email Clients via WebFinger Paul E. Jones
- Re: [art] Auto-configuring Email Clients via WebF… John Levine
- Re: [art] Auto-configuring Email Clients via WebF… Paul E. Jones
- Re: [art] Auto-configuring Email Clients via WebF… John Levine
- Re: [art] Auto-configuring Email Clients via WebF… Bron Gondwana
- Re: [art] Auto-configuring Email Clients via WebF… Paul E. Jones
- Re: [art] Auto-configuring Email Clients via WebF… Paul E. Jones
- Re: [art] Auto-configuring Email Clients via WebF… Larry Masinter
- Re: [art] Auto-configuring Email Clients via WebF… John R Levine
- Re: [art] Auto-configuring Email Clients via WebF… Arnt Gulbrandsen
- Re: [art] Auto-configuring Email Clients via WebF… Paul E. Jones
- Re: [art] Auto-configuring Email Clients via WebF… John R Levine
- Re: [art] Auto-configuring Email Clients via WebF… John Levine
- Re: [art] Auto-configuring Email Clients via WebF… Austin Wright
- Re: [art] Auto-configuring Email Clients via WebF… John Levine
- Re: [art] Auto-configuring Email Clients via WebF… Steffen Nurpmeso
- Re: [art] Auto-configuring Email Clients via WebF… Paul E. Jones
- Re: [art] Auto-configuring Email Clients via WebF… John R Levine
- Re: [art] Auto-configuring Email Clients via WebF… John Levine
- Re: [art] Auto-configuring Email Clients via WebF… Arnt Gulbrandsen
- Re: [art] Auto-configuring Email Clients via WebF… Dave Cridland
- Re: [art] Auto-configuring Email Clients via WebF… Paul E. Jones
- Re: [art] Auto-configuring Email Clients via WebF… Paul E. Jones
- Re: [art] Auto-configuring Email Clients via WebF… Phillip Hallam-Baker
- Re: [art] Auto-configuring Email Clients via WebF… John R Levine
- Re: [art] Auto-configuring Email Clients via WebF… Steffen Nurpmeso
- Re: [art] Auto-configuring Email Clients via WebF… Steffen Nurpmeso
- Re: [art] Auto-configuring Email Clients via WebF… Marten Gajda
- Re: [art] Auto-configuring Email Clients via WebF… Paul E. Jones
- Re: [art] Auto-configuring Email Clients via WebF… Paul E. Jones
- Re: [art] Auto-configuring Email Clients via WebF… John R Levine
- Re: [art] Auto-configuring Email Clients via WebF… Marten Gajda
- Re: [art] Auto-configuring Email Clients via WebF… Dave Cridland
- Re: [art] Auto-configuring Email Clients via WebF… Dave Cridland
- Re: [art] Auto-configuring Email Clients via WebF… Steffen Nurpmeso
- Re: [art] Auto-configuring Email Clients via WebF… John Levine
- Re: [art] Auto-configuring Email Clients via WebF… Marten Gajda
- Re: [art] Auto-configuring Email Clients via WebF… Dave Cridland
- Re: [art] Auto-configuring Email Clients via WebF… John R Levine
- Re: [art] Auto-configuring Email Clients via WebF… Dave Cridland
- Re: [art] Auto-configuring Email Clients via WebF… John Levine
- Re: [art] Auto-configuring Email Clients via WebF… Steffen Nurpmeso
- Re: [art] Auto-configuring Email Clients via WebF… Marten Gajda
- Re: [art] Auto-configuring Email Clients via WebF… Paul E. Jones
- Re: [art] Auto-configuring Email Clients via WebF… John Levine
- Re: [art] Auto-configuring Email Clients via WebF… Dave Cridland
- Re: [art] Auto-configuring Email Clients via WebF… Steffen Nurpmeso
- Re: [art] Auto-configuring Email Clients via WebF… John Levine