From: Tim Cross
Newsgroups: gmane.emacs.devel
Subject: Re: gmail+imap+smtp (oauth2)
Date: Wed, 04 May 2022 12:05:37 +1000
Message-ID: <877d72nf3h.fsf@gmail.com>
References: <871qxbdulc.fsf@mat.ucm.es>
To: Richard Stallman
Cc: jostein@kjonigsen.net, emacs-devel@gnu.org

Richard Stallman writes:

> [[[ To any NSA and FBI agents reading my email: please consider ]]]
> [[[ whether defending the US Constitution against all enemies, ]]]
> [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
>
> > I landed on the conclusion that SMTP
> > and IMAP should keep working as long as you use app-passwords for
> > logging in to your account.
>
> Can you explain what "app-passwords" are? I have never used Gmail,
> and I don't need to know technical details, but I have to think
> about the ethical implications of this.

Google introduced the concept of app passwords back when they first implemented 2FA. Basically, they are just a password based authentication workflow which can be used with applications that do not support 2FA or oauth2 based authentication and authorisation.
Google generates a long complex password which you can then use to authenticate instead of your 'normal' password (and 2nd factor for 2FA). The app passwords cannot be used to log in via 'standard' web based mechanisms (2FA/oauth2).

You have to log into your Google account and enable app passwords and then generate 1 (or more) app passwords which you then use for imap/smtp authentication instead of your 'normal' Google password. Each app password can be given a name - for example, I have one called 'emacs' which is the password I use to connect to imap/smtp from Emacs.

You can view what app passwords you have defined and when they were last used by logging into your Google account and checking your settings page. You cannot see the actual password though - that is only available when you first create the password. If you forget it or lose it, you have to create a new one (and delete the old one of course).

Google is removing access to imap/smtp using your main Google login/password and will require 2FA and oauth2 for all web based authn/authz. However, their documentation implies that app passwords will remain as the standard solution for applications which cannot do 2FA or oauth2.

I don't know if app passwords are available for institution/enterprise Google users. It is possible that may be a configuration option and up to the individual organisations to enable/disable. Google's advice would be not to enable them unless there is a demonstrated need. Many larger organisations will just follow Google's advice as they don't want users using applications they haven't 'approved'.

I don't think there are any significant ethical considerations associated with app passwords (in addition to those associated with using Google/Gmail that is). It is likely that setting the app password via the Google account settings page involves non-free JavaScript, but I think that boat sailed when you initially sign up for a Gmail account anyway.
Some will probably have issue with the fact you cannot set the specific app password and have no insight into the algorithm Google uses to generate the password, which are reasonable criticisms (though experience has shown many people do better with even flawed password generators than self-selected passwords). At the end of the day, if you trust Google with your email data, it probably isn't a long stretch to trust they will generate a reasonably good password
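
Added example, not part of the original message: one way to use an app password from Emacs as the message describes, keeping it in a GPG-encrypted auth-source file rather than in the init file, with a check that both entries are present. The account name, the `my/` helper names, and the Gmail host names and ports are assumptions not stated in the message; the IMAP client itself (Gnus, mbsync, etc.) is left out.

```elisp
;;; Added example: Gmail app password for IMAP/SMTP via auth-source.
;; Assumed contents of ~/.authinfo.gpg (user@example.invalid and
;; APP-PASSWORD are placeholders for your account and generated password):
;;
;;   machine imap.gmail.com login user@example.invalid password APP-PASSWORD port 993
;;   machine smtp.gmail.com login user@example.invalid password APP-PASSWORD port 587

(require 'auth-source)
(require 'smtpmail)

;; Read credentials only from the encrypted file, never a plain ~/.authinfo.
(setq auth-sources '("~/.authinfo.gpg"))

;; Outgoing mail over SMTP submission with STARTTLS.  smtpmail asks
;; auth-source for the password, so it never appears in the init file.
(setq send-mail-function 'smtpmail-send-it
      message-send-mail-function 'smtpmail-send-it
      smtpmail-smtp-server "smtp.gmail.com"
      smtpmail-smtp-service 587
      smtpmail-stream-type 'starttls
      smtpmail-smtp-user "user@example.invalid")

(defun my/app-password-entry-p (host port user)
  "Return non-nil if auth-source holds a secret for USER at HOST and PORT."
  (let ((entry (car (auth-source-search :host host :port port :user user
                                        :require '(:secret) :max 1))))
    (and entry (plist-get entry :secret) t)))

(defun my/check-gmail-app-password ()
  "Report whether an app password is stored for each Gmail service."
  (interactive)
  (dolist (svc '(("imap.gmail.com" . "993") ("smtp.gmail.com" . "587")))
    (message "%s:%s -> %s" (car svc) (cdr svc)
             (if (my/app-password-entry-p (car svc) (cdr svc)
                                          "user@example.invalid")
                 "app password found"
               "no entry; generate one in the Google account settings"))))
```

Because each app password is named and can be deleted on its own, giving Emacs a dedicated one means a leaked credentials file is handled by revoking that single entry.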