Re: [webfinger] [apps-discuss] Mail client configuration via WebFinger
"Paul E. Jones" <paulej@packetizer.com> Fri, 15 July 2016 08:36 UTC
Return-Path: <paulej@packetizer.com>
X-Original-To: webfinger@ietfa.amsl.com
Delivered-To: webfinger@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 51C9212D985 for <webfinger@ietfa.amsl.com>; Fri, 15 Jul 2016 01:36:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.288
X-Spam-Level:
X-Spam-Status: No, score=-3.288 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-1.287, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=packetizer.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bH4Qzeaf7Mab for <webfinger@ietfa.amsl.com>; Fri, 15 Jul 2016 01:36:47 -0700 (PDT)
Received: from dublin.packetizer.com (dublin.packetizer.com [75.101.130.125]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1598712D97E for <webfinger@ietf.org>; Fri, 15 Jul 2016 01:36:47 -0700 (PDT)
Received: from [192.168.1.20] (cpe-098-122-181-215.nc.res.rr.com [98.122.181.215] (may be forged)) (authenticated bits=0) by dublin.packetizer.com (8.15.2/8.15.2) with ESMTPSA id u6F8agpN009032 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Fri, 15 Jul 2016 04:36:42 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=packetizer.com; s=dublin; t=1468571802; bh=MdN/naf0wRJCVrJVSLGe129qRxAAMybNkvPPVgwCoPo=; h=From:To:Subject:Date:In-Reply-To:References:Reply-To; b=c0rjp+XgAsxeyUclTCP4Qpo+fN6iNxyEwRQQFtmbut3rxxJkoN7Bi74xYeuWVvoIj 0Vk9IoF5n2JIddUzqgPHifw/9CzCcb+KRhAepFBouwWo+Cw/lZHV0jpByDF9elIQrD liV4bNkrCTm+nVQOGEvTseYZGESzTSHwM3YBTs2o=
From: "Paul E. Jones" <paulej@packetizer.com>
To: Marten Gajda <marten@dmfs.org>, "webfinger@ietf.org" <webfinger@ietf.org>
Date: Fri, 15 Jul 2016 08:36:53 +0000
Message-Id: <emc4dd7b67-6273-400d-bd4d-dae0d24f4823@sydney>
In-Reply-To: <57880D75.5090109@dmfs.org>
References: <em44c60c65-2d14-46a0-adb3-a52d38d160ed@helsinki> <575197C1.3090102@dmfs.org> <39fe811e-282a-2a08-2928-c78c3947a6b9@aol.com> <575492E1.2000805@dmfs.org> <57587369.20405@dmfs.org> <em1601bf25-0972-435d-8537-b3a6d19b5b33@sydney> <5786C161.7070806@dmfs.org> <emdb968062-c47f-4fb3-b4b8-ba787cfb56eb@sydney> <57880D75.5090109@dmfs.org>
User-Agent: eM_Client/7.0.26482.0
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="------=_MB5B3A482C-CB43-4512-9213-0B135A18CEBC"
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.6 (dublin.packetizer.com [10.137.60.122]); Fri, 15 Jul 2016 04:36:42 -0400 (EDT)
Archived-At: <https://mailarchive.ietf.org/arch/msg/webfinger/RgPaasKjFJccAhU4Q0ySwcUDzOo>
Subject: Re: [webfinger] [apps-discuss] Mail client configuration via WebFinger
X-BeenThere: webfinger@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: "Paul E. Jones" <paulej@packetizer.com>
List-Id: Discussion of the Webfinger protocol proposal in the Applications Area <webfinger.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/webfinger>, <mailto:webfinger-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/webfinger/>
List-Post: <mailto:webfinger@ietf.org>
List-Help: <mailto:webfinger-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/webfinger>, <mailto:webfinger-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Jul 2016 08:36:52 -0000
Marten, > >Am 14.07.2016 um 08:19 schrieb Paul E. Jones: >>Let's make sure the new draft is scoped to just mail configuration. >>(If we want to go further with calendar, contacts, etc. then arguably >>those should be separate URLs. My mail and calendar is not provided >>by the same provider, for example.) >If we only support mail configuration this will probably fail. I think >one of the strengths of this draft is that everything is in one place. But, everything is in one place in the sense that WebFinger is the one place. The type of information required to configure contacts and calendar are quite different than email. So why produce a JSON document that tries to blend all three? The only thing I'm suggesting is to define the link relations. In the future, there might be another (e.g., tasks). >>Certificate Auth: I'm not sure what the problem is here, unless people >>want to use enterprise-issued certificates (i.e., those that are not >>from a public CA). If that is the case, I would not want my mail >>client to insert those into my trusted certificate store. So, would >>those be one-time uses? Not very useful. I'd say the IT department >>needs to install whatever root certs are needed. A client should >>authenticate the certificates it sees, but we don't need more words >>about it other than to say the TLS connection must be authenticated. >No, this is about client authentication, i.e. the client has to provide >a client certificate signed by some specific authority. This is not >widely used and probably more for corporate or personal use cases, but >we have a significant number of users of this security feature. >At least in Java it's a real pain to distinguish a client certificate >request from any other SSLException. So it would be helpful to know in >advance if a specific client certificate is required or not. Oh! I totally had this backward. The challenge I see with using client certificates is that one of the benefits to using WebFinger is that I don't have to manually configure my email clients I have on my 6 different clients. Even in the enterprise, having a mobile device and computer is more common. So, I would not be opposed to this, but I'm not sure it would be used much, particularly since the user is already authenticating with other mechanisms. If the expectation is the user's device will also authenticate with the mail server using the same certificate, I guess this might be required. >>Document structure: I think keeping this simple is really best. I >>don't think we need multiple mail providers. If the email address is >>user@example.com, then I think it's reasonable to assume example.com >>is the provider. Yes, a user could go enter WebFinger information for >>some other provider, but the average person will not want to do that. >>That's having the user configure the server so it can configure the >>client. Not much gained there. I would have something that's no more >>complex than something like this: >> >I fully agree that we should keep it as simple as possible. However, >one of the keys to success is that we support the services and use >cases that are not covered by the existing mechanisms. That's why I >believe that the document should have a generic structure that works >with pretty much every service out there. It shouldn't be designed >around email. This is one of the reasons for me to ditch the >host/port/transport notation and just use a single URI instead. I'm not >aware of any service that can't be addresses with a URI. Those are just properties of the mail service. The next thing will have its own set of properties. The JRD sent by WebFinger is a document along the lines of what you describe: very generic. And, that was viewed as good. There is really very little one can convey: a subject, some properties, and a set of links with associated properties. But, it gets really tricky trying to define something complex with a JRD, and that's intended. Folks in the WG did not want it to do more than what it does. And I think the same philosophy should be extended to the services like mail, calendar, contacts, tasks, or whatever. If each one is defined for the specific purpose they serve, the documents will be clean and clear. >Another goal should be to revert the service discovery process to some >degree. Instead of having the client to probe the provider for each >service that might be supported, the current spec reverts that and >returns a list of everything that's supported. The local "account setup >agent" then can probe the local device software for client modules or >applications that might support a specific service. Ideally this would >be supported on OS level. So you run a generic account configuration on >OS level, the OS pulls the service configuration document and calls the >installed handlers for each supported service. It there is no client >for a specific service the OS could make suggestions like "Your >provider also supports <Some service>. Search the App Store for a >suitable client app now". That's an interesting idea, but I would still prefer to keep the config in different resources. Everything you describe could be done with naming conventions or properties in the JRD. For example, a link might have a "rel" value of "mail-config" and an "href" value. This might not mean much, but there could also be a property that indicates that it is an "auto-configuration" link, perhaps the name of the service (e.g, "Email"), etc. >That's why I believe that we should put all services into a single >document, instead of using service specific rel-types that need to be >probed by the client. Another reason not to do it: even within the same organization, different departments might manage different services. You run into challenges trying to get people to coordinate. Another reason is that folks in the IETF like to have things broken into granular pieces. That's why WF is more-or-less just a directory of links. >If, like in your case, calendars and email are not hosted at the same >provider, the webfinger response for your account should just contain >two provider entries, each pointing to a document that lists all the >services provided by this provider. In my case, I would expect paulej@packetizer.com to return only the email service, since I don't have a calendar service there. I would select the "Add Account" option in my email software and enter another user ID to get the calendar. Yeah, I could have this in a single WF reply, but the problem is that the average user isn't going to be adding such entries to his or her account. Of course, we do need to allow for the possibility that the IT department will have one group running email and another handling contacts / corporate directory services. So, a company might very well have two links in the JRD returned by WF. And, that goes to my point, again, that there's no point trying to define an all-encompasing document. To be clear, though: I'm not opposed to having a generic document that tries to be flexible enough to convey just about anything. I'm OK with that. I just don't think that we should have a single document that carries information for more than one service. I just don't see the benefit in doing that vs. having two or three different link relations -- one for each service to be configured. That said, I do not see that it's very useful to have a generic document format vs. a specialized one. After all, we still have to define the exactly contents of the documents, generic or specialized. Paul
- Re: [webfinger] [apps-discuss] Mail client config… Dave Cridland
- Re: [webfinger] [apps-discuss] Mail client config… Paul E. Jones
- [webfinger] Mail client configuration via WebFing… Paul E. Jones
- Re: [webfinger] [apps-discuss] Mail client config… Cyrus Daboo
- Re: [webfinger] [apps-discuss] Mail client config… Paul E. Jones
- Re: [webfinger] [apps-discuss] Mail client config… Stephen Farrell
- Re: [webfinger] [apps-discuss] Mail client config… Paul E. Jones
- Re: [webfinger] [apps-discuss] Mail client config… Marten Gajda
- Re: [webfinger] [apps-discuss] Mail client config… Paul E. Jones
- Re: [webfinger] [apps-discuss] Mail client config… Paul E. Jones
- Re: [webfinger] [apps-discuss] Mail client config… Marten Gajda
- Re: [webfinger] [apps-discuss] Mail client config… Mikael Nordfeldth
- Re: [webfinger] [apps-discuss] Mail client config… Paul E. Jones
- Re: [webfinger] [apps-discuss] Mail client config… Eric Mill
- Re: [webfinger] [apps-discuss] Mail client config… Paul E. Jones
- Re: [webfinger] [apps-discuss] Mail client config… Marten Gajda
- Re: [webfinger] [apps-discuss] Mail client config… Paul E. Jones
- Re: [webfinger] [apps-discuss] Mail client config… Marten Gajda
- Re: [webfinger] [apps-discuss] Mail client config… Paul E. Jones
- Re: [webfinger] [apps-discuss] Mail client config… Marten Gajda
- Re: [webfinger] [apps-discuss] Mail client config… John Levine
- Re: [webfinger] [apps-discuss] Mail client config… Paul E. Jones
- Re: [webfinger] [apps-discuss] Mail client config… Marten Gajda
- Re: [webfinger] [apps-discuss] Mail client config… Marten Gajda
- Re: [webfinger] [apps-discuss] Mail client config… Paul E. Jones
- Re: [webfinger] [apps-discuss] Mail client config… Marten Gajda
- Re: [webfinger] [apps-discuss] Mail client config… George Fletcher
- Re: [webfinger] [apps-discuss] Mail client config… Marten Gajda
- Re: [webfinger] [apps-discuss] Mail client config… Marten Gajda