Re: [EAI] POP/IMAP authentication?

Shawn Steele <Shawn.Steele@microsoft.com> Tue, 14 July 2009 20:39 UTC

Return-Path: <Shawn.Steele@microsoft.com>
X-Original-To: ima@core3.amsl.com
Delivered-To: ima@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B4E3A3A677E for <ima@core3.amsl.com>; Tue, 14 Jul 2009 13:39:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -11.597
X-Spam-Level:
X-Spam-Status: No, score=-11.597 tagged_above=-999 required=5 tests=[AWL=1.002, BAYES_00=-2.599, GB_I_LETTER=-2, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OIQgGCOPuYXE for <ima@core3.amsl.com>; Tue, 14 Jul 2009 13:39:38 -0700 (PDT)
Received: from smtp.microsoft.com (mailb.microsoft.com [131.107.115.215]) by core3.amsl.com (Postfix) with ESMTP id 8A2B53A67E1 for <ima@ietf.org>; Tue, 14 Jul 2009 13:38:46 -0700 (PDT)
Received: from TK5EX14MLTC102.redmond.corp.microsoft.com (157.54.79.180) by TK5-EXGWY-E802.partners.extranet.microsoft.com (10.251.56.168) with Microsoft SMTP Server (TLS) id 8.2.99.4; Tue, 14 Jul 2009 13:32:12 -0700
Received: from tk5ex14mbxc105.redmond.corp.microsoft.com ([169.254.2.241]) by TK5EX14MLTC102.redmond.corp.microsoft.com ([157.54.79.180]) with mapi; Tue, 14 Jul 2009 13:32:11 -0700
From: Shawn Steele <Shawn.Steele@microsoft.com>
To: "daniel@taharlev.com" <daniel@taharlev.com>, "barryleiba@computer.org" <barryleiba@computer.org>
Thread-Topic: [EAI] POP/IMAP authentication?
Thread-Index: AQHJ/PNKL504HDqVmE68bFc3apkfNJBy4bmAgADqxxCAAdvXgIAAAMiA///d26A=
Date: Tue, 14 Jul 2009 20:32:12 +0000
Message-ID: <CAD7705D4A93814F97D3EF00790AF0B315FA82D9@tk5ex14mbxc105.redmond.corp.microsoft.com>
References: <CAD7705D4A93814F97D3EF00790AF0B315F536BD@tk5ex14mbxc105.redmond.corp.microsoft.com><4A4FD198.9010709@isode.com> <4A5A4DD7.5010605@alvestrand.no><CAD7705D4A93814F97D3EF00790AF0B315FA64C6@tk5ex14mbxc105.redmond.corp.microsoft.com><6c9fcc2a0907140819n2d5170c6s214956445b2f10ac@mail.gmail.com> <1233784060-1247585065-cardhu_decombobulator_blackberry.rim.net-179738162-@bxe1040.bisx.prod.on.blackberry>
In-Reply-To: <1233784060-1247585065-cardhu_decombobulator_blackberry.rim.net-179738162-@bxe1040.bisx.prod.on.blackberry>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Cc: "ima@ietf.org" <ima@ietf.org>
Subject: Re: [EAI] POP/IMAP authentication?
X-BeenThere: ima@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "EAI \(Email Address Internationalization\)" <ima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ima>, <mailto:ima-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ima>
List-Post: <mailto:ima@ietf.org>
List-Help: <mailto:ima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ima>, <mailto:ima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jul 2009 20:39:39 -0000

Yes Barry, you said it better than I did.

I believe that some (not all) systems may want to permit ASCII-only AND Unicode authentication because a) Presumably Unicode is "easier" for the user (why we're doing this work), but b) Their mail client or phone or whatever may be restricted to ASCII for now.

Your text conveys the idea, it's not just migration though, it could be new accounts.  Also I only think it's informational, some apps may not need the handle this scenario.  Maybe ?

------
When a user creates a new Unicode account, or migrates an existing ASCII account to Unicode, applications need to consider the appropriate authentication needs for those users.  Some users may desire Unicode login information, yet be restricted to ASCII devices or clients.  In those cases, systems may choose to provide both a Unicode and an ASCII authentication mechanism.  This is not required, and systems may assign logon credentials as they see fit, however it is recommended that application developers carefully consider the use cases and needs of the end users to determine if ASCII and/or Unicode credentials are required.

Certain limitations may impact decisions about logon credentials:  Keyboards available to the user, anticipated public terminal use like kiosks or internet cafes, software limitations such as legacy mail clients, and hardware limitations such as cellular or satellite phones.

-Shawn

-----Original Message-----
From: Daniel Taharlev [mailto:daniel@taharlev.com]
Sent: Tuesday, July 14,  2009 8:22
To: barryleiba@computer.org; Shawn Steele
Cc: ima@ietf.org
Subject: Re: [EAI] POP/IMAP authentication?

Many of my users also have different machines with different keyboard layouts, and accounts set on several machines, it's not just a mobile phone issue imho... Be gentle it's my first post

daniel@taharlev.com

-----Original Message-----
From: Barry Leiba <barryleiba.mailing.lists@gmail.com>

Date: Tue, 14 Jul 2009 11:19:15
To: Shawn Steele<Shawn.Steele@microsoft.com>
Cc: ima@ietf.org<ima@ietf.org>
Subject: Re: [EAI] POP/IMAP authentication?


I think what Shawn's getting at, which Alexey and Harald haven't
addressed and which Shawn might not be making clear, isn't so much the
connection between the IMAP login and the email address as it is the
idea of limitations on, say, the user's device.

If I'm migrated to a new email address and if, in the process, I also
get a nifty new non-ASCII login (whether or not it's the same as the
email address... surely we can see that migrating both at the same
time might be a common thing), that may be OK when I'm using my
laptop, where I can enter, say, "лзыба" just fine.  But I might not
have a mobile phone yet that can enter Cyrillic letters (or Thai
characters, or whatever), and then I'd have a hard time logging in
from my mobile.

And I think Shawn's point, which I agree with if I'm getting that
right, is that it wouldn't be a bad thing to point that out and to
suggest that an ASCII version of the login be available for a
transition.  Perhaps some text vaguely like this:

---
When a user's email address is changed, it may be common -- perhaps
desirable -- to change the user's login identification as well.  It's
possible, however, that a user who gets a non-ASCII email address
might still have devices that are unable to enter a non-ASCII login
ID.  It is probably wise, therefore, to continue to accept an ASCII
version of the user's login ID -- perhaps the old one, or perhaps an
alternate ASCII version of the new one -- until the user confirms that
it is no longer necessary.
---

Barry
_______________________________________________
IMA mailing list
IMA@ietf.org
https://www.ietf.org/mailman/listinfo/ima