Re: [EAI] POP/IMAP authentication?
Shawn Steele <Shawn.Steele@microsoft.com> Tue, 14 July 2009 20:39 UTC
Return-Path: <Shawn.Steele@microsoft.com>
X-Original-To: ima@core3.amsl.com
Delivered-To: ima@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B4E3A3A677E for <ima@core3.amsl.com>; Tue, 14 Jul 2009 13:39:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -11.597
X-Spam-Level:
X-Spam-Status: No, score=-11.597 tagged_above=-999 required=5 tests=[AWL=1.002, BAYES_00=-2.599, GB_I_LETTER=-2, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OIQgGCOPuYXE for <ima@core3.amsl.com>; Tue, 14 Jul 2009 13:39:38 -0700 (PDT)
Received: from smtp.microsoft.com (mailb.microsoft.com [131.107.115.215]) by core3.amsl.com (Postfix) with ESMTP id 8A2B53A67E1 for <ima@ietf.org>; Tue, 14 Jul 2009 13:38:46 -0700 (PDT)
Received: from TK5EX14MLTC102.redmond.corp.microsoft.com (157.54.79.180) by TK5-EXGWY-E802.partners.extranet.microsoft.com (10.251.56.168) with Microsoft SMTP Server (TLS) id 8.2.99.4; Tue, 14 Jul 2009 13:32:12 -0700
Received: from tk5ex14mbxc105.redmond.corp.microsoft.com ([169.254.2.241]) by TK5EX14MLTC102.redmond.corp.microsoft.com ([157.54.79.180]) with mapi; Tue, 14 Jul 2009 13:32:11 -0700
From: Shawn Steele <Shawn.Steele@microsoft.com>
To: "daniel@taharlev.com" <daniel@taharlev.com>, "barryleiba@computer.org" <barryleiba@computer.org>
Thread-Topic: [EAI] POP/IMAP authentication?
Thread-Index: AQHJ/PNKL504HDqVmE68bFc3apkfNJBy4bmAgADqxxCAAdvXgIAAAMiA///d26A=
Date: Tue, 14 Jul 2009 20:32:12 +0000
Message-ID: <CAD7705D4A93814F97D3EF00790AF0B315FA82D9@tk5ex14mbxc105.redmond.corp.microsoft.com>
References: <CAD7705D4A93814F97D3EF00790AF0B315F536BD@tk5ex14mbxc105.redmond.corp.microsoft.com><4A4FD198.9010709@isode.com> <4A5A4DD7.5010605@alvestrand.no><CAD7705D4A93814F97D3EF00790AF0B315FA64C6@tk5ex14mbxc105.redmond.corp.microsoft.com><6c9fcc2a0907140819n2d5170c6s214956445b2f10ac@mail.gmail.com> <1233784060-1247585065-cardhu_decombobulator_blackberry.rim.net-179738162-@bxe1040.bisx.prod.on.blackberry>
In-Reply-To: <1233784060-1247585065-cardhu_decombobulator_blackberry.rim.net-179738162-@bxe1040.bisx.prod.on.blackberry>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Cc: "ima@ietf.org" <ima@ietf.org>
Subject: Re: [EAI] POP/IMAP authentication?
X-BeenThere: ima@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "EAI \(Email Address Internationalization\)" <ima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ima>, <mailto:ima-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ima>
List-Post: <mailto:ima@ietf.org>
List-Help: <mailto:ima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ima>, <mailto:ima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jul 2009 20:39:39 -0000
Yes Barry, you said it better than I did. I believe that some (not all) systems may want to permit ASCII-only AND Unicode authentication because a) Presumably Unicode is "easier" for the user (why we're doing this work), but b) Their mail client or phone or whatever may be restricted to ASCII for now. Your text conveys the idea, it's not just migration though, it could be new accounts. Also I only think it's informational, some apps may not need the handle this scenario. Maybe ? ------ When a user creates a new Unicode account, or migrates an existing ASCII account to Unicode, applications need to consider the appropriate authentication needs for those users. Some users may desire Unicode login information, yet be restricted to ASCII devices or clients. In those cases, systems may choose to provide both a Unicode and an ASCII authentication mechanism. This is not required, and systems may assign logon credentials as they see fit, however it is recommended that application developers carefully consider the use cases and needs of the end users to determine if ASCII and/or Unicode credentials are required. Certain limitations may impact decisions about logon credentials: Keyboards available to the user, anticipated public terminal use like kiosks or internet cafes, software limitations such as legacy mail clients, and hardware limitations such as cellular or satellite phones. -Shawn -----Original Message----- From: Daniel Taharlev [mailto:daniel@taharlev.com] Sent: Tuesday, July 14, 2009 8:22 To: barryleiba@computer.org; Shawn Steele Cc: ima@ietf.org Subject: Re: [EAI] POP/IMAP authentication? Many of my users also have different machines with different keyboard layouts, and accounts set on several machines, it's not just a mobile phone issue imho... Be gentle it's my first post daniel@taharlev.com -----Original Message----- From: Barry Leiba <barryleiba.mailing.lists@gmail.com> Date: Tue, 14 Jul 2009 11:19:15 To: Shawn Steele<Shawn.Steele@microsoft.com> Cc: ima@ietf.org<ima@ietf.org> Subject: Re: [EAI] POP/IMAP authentication? I think what Shawn's getting at, which Alexey and Harald haven't addressed and which Shawn might not be making clear, isn't so much the connection between the IMAP login and the email address as it is the idea of limitations on, say, the user's device. If I'm migrated to a new email address and if, in the process, I also get a nifty new non-ASCII login (whether or not it's the same as the email address... surely we can see that migrating both at the same time might be a common thing), that may be OK when I'm using my laptop, where I can enter, say, "лзыба" just fine. But I might not have a mobile phone yet that can enter Cyrillic letters (or Thai characters, or whatever), and then I'd have a hard time logging in from my mobile. And I think Shawn's point, which I agree with if I'm getting that right, is that it wouldn't be a bad thing to point that out and to suggest that an ASCII version of the login be available for a transition. Perhaps some text vaguely like this: --- When a user's email address is changed, it may be common -- perhaps desirable -- to change the user's login identification as well. It's possible, however, that a user who gets a non-ASCII email address might still have devices that are unable to enter a non-ASCII login ID. It is probably wise, therefore, to continue to accept an ASCII version of the user's login ID -- perhaps the old one, or perhaps an alternate ASCII version of the new one -- until the user confirms that it is no longer necessary. --- Barry _______________________________________________ IMA mailing list IMA@ietf.org https://www.ietf.org/mailman/listinfo/ima
- [EAI] POP/IMAP authentication? Shawn Steele
- Re: [EAI] POP/IMAP authentication? Alexey Melnikov
- Re: [EAI] POP/IMAP authentication? Harald Tveit Alvestrand
- Re: [EAI] POP/IMAP authentication? Shawn Steele
- Re: [EAI] POP/IMAP authentication? Barry Leiba
- Re: [EAI] POP/IMAP authentication? Daniel Taharlev
- Re: [EAI] POP/IMAP authentication? Shawn Steele
- Re: [EAI] POP/IMAP authentication? Randall Gellens
- Re: [EAI] POP/IMAP authentication? Alexey Melnikov
- Re: [EAI] POP/IMAP authentication? Harald Alvestrand
- Re: [EAI] POP/IMAP authentication? Xiaodong Lee
- Re: [EAI] POP/IMAP authentication? Barry Leiba