From: David Engster
Newsgroups: gmane.emacs.devel
Subject: Re: oauth2 support for Emacs email clients
Date: Wed, 11 Aug 2021 11:57:56 +0200
Message-ID: <87k0kse21n.fsf@randomsample>
In-Reply-To: (Richard Stallman's message of "Tue, 10 Aug 2021 23:00:27 -0400")
To: Richard Stallman
Cc: fitzsim@fitzsim.org, winkler@gnu.org, emacs-devel@gnu.org

> > > I haven't tried yet, but I suspect using Emacs in my organization would
> > > be harder because, what GUID would I use?
>
> > Well, you could just use Thunderbird's. It's all right here:
>
> > https://github.com/mozilla/releases-comm-central/blob/master/mailnews/base/src/OAuth2Providers.jsm
>
> > You shouldn't though, because that could get you in trouble. While all
> > this stuff is essentially security theatre, good luck explaining that to
> > your IT security department...
>
> It's possible that you're right. But, because your statement takes
> a leap and doesn't describe the logical steps, it is hard to verify
> that.
>
> Would you like to help determine whether that approach is practical?
> And, if not, why not?
>
> For instance, why would the organization's IT security team care
> whether he runs Thunderbird, or runs Emacs and tells some company it is
> Thunderbird?

This is not a technical issue, this is just about company policies on what you are and are not allowed to do on your company laptop. Whether these policies are only written down, or are also enforced through some technical measure, is really not that important.

What I consider to be more important is that the Thunderbird developers kindly ask to not copy their client ID/secret for other applications, and we should respect that.

> How would it even notice that he's using Emacs rather than Thunderbird?

By looking over his shoulder, through a security audit of his laptop, or he might simply tell...

-David