From: Tim Cross
Newsgroups: gmane.emacs.devel
Subject: Re: gmail+imap+smtp (oauth2)
Date: Wed, 04 May 2022 18:43:12 +1000
Message-ID: <87zgjx4qhs.fsf@gmail.com>
References: <871qxbdulc.fsf@mat.ucm.es> <87k0b2tkg1.fsf@mat.ucm.es>
In-reply-to: <87k0b2tkg1.fsf@mat.ucm.es>
User-Agent: mu4e 1.7.13; emacs 28.1.50
To: Uwe Brauer
Cc: emacs-devel@gnu.org

Uwe Brauer writes:

> [[S/MIME Signed Part:Undecided]]
>
>> On 03.05.2022 07:59, Uwe Brauer wrote:
>> My understanding may not be perfect, but having considered a similar
>> conundrum for a work-integration, I landed on the conclusion that SMTP
>> and IMAP should keep working as long as you use app-passwords for
>> logging in to your account. If so, that should probably be adequate
>> for Emacs too.
>
>
> I am not to understand the meaning of app-passwords.
>

There is nothing too concerning here. An application password is just
another password you can use to authenticate for a specific purpose. You
could in fact have 2 application passwords - 1 for IMAP and 1 for SMTP.
These application passwords are typically much longer than most user
passwords and you don't get to select it - the password is generated for
you. Your 'normal' Google password will only work as part of a 2FA
authentication process.
You enter your account name (google email address usually), your
password and then a 2nd factor (fingerprint, code from an authentication
app, hardware key etc).

If your IMAP or SMTP/MUA clients support oauth2, you don't need
application passwords, you can just use your google username/password
and 2nd factor. Problem is, many clients, particularly older ones, don't
support oauth2. The situation is further compounded by the fact that
oauth2 implementations vary enough that it is very difficult to just
implement a 'generic' oauth2 solution in a high level, easy to use
manner. For example, it is possible to configure Emacs' SMTP to use
oauth2, but it is clunky, requires a significant level of understanding
of oauth2 and manual steps (such as getting a token from a web page and
putting it into your configuration).

> My email account has a password, that is used when connecting via ssl
> or tls. But gmail will need a different protocol in the future, this is
> why I am worried.
>

A 'different protocol' is perhaps overstating it. The SMTP protocol
itself isn't changing, but the authentication mechanism is. At present,
I think we are in a transition stage and like many transitions, things
are a bit rough around the edges. At some point, I suspect Google will
remove application passwords. However, I expect this will only happen
once the alternative authentication mechanisms have stabilised and
standardised more than they are at present. By that time, I would also
expect many of the clients will support the new authentication
protocols.
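
Added example, not part of the original message: a Python illustration of the point that the SMTP exchange stays the same and only the AUTH mechanism changes. It builds the AUTH line for an app password (SASL PLAIN) and for an OAuth2 access token (SASL XOAUTH2); the EHLO reply, addresses and credentials are constructed placeholders, and the access token is assumed to have been obtained from the provider already.

```python
import base64

# Constructed EHLO reply from a hypothetical server (not captured traffic).
SAMPLE_EHLO = (
    "250-mail.example.org at your service\r\n"
    "250-SIZE 35882577\r\n"
    "250-8BITMIME\r\n"
    "250-AUTH LOGIN PLAIN XOAUTH2 OAUTHBEARER\r\n"
    "250 SMTPUTF8\r\n"
)


def advertised_auth(ehlo_reply):
    """Return the set of SASL mechanisms listed on the EHLO AUTH line."""
    mechs = set()
    for line in ehlo_reply.splitlines():
        keyword, _, params = line[4:].partition(" ")
        if line[:3] == "250" and keyword.upper() == "AUTH":
            mechs.update(m.upper() for m in params.split())
    return mechs


def plain_response(user, app_password):
    """SASL PLAIN (RFC 4616): empty authzid, NUL, user, NUL, password."""
    raw = "\0{}\0{}".format(user, app_password).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def xoauth2_response(user, access_token):
    """SASL XOAUTH2: user and bearer token, fields ended by Ctrl-A bytes."""
    raw = "user={}\x01auth=Bearer {}\x01\x01".format(user, access_token)
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")


def auth_command(ehlo_reply, user, app_password=None, access_token=None):
    """Pick a mechanism the server offers and build the SMTP AUTH line."""
    mechs = advertised_auth(ehlo_reply)
    if access_token and "XOAUTH2" in mechs:
        return "AUTH XOAUTH2 " + xoauth2_response(user, access_token)
    if app_password and "PLAIN" in mechs:
        return "AUTH PLAIN " + plain_response(user, app_password)
    raise ValueError("no usable credential for: %s" % sorted(mechs))
```

Both credentials travel base64-encoded, not encrypted, so either AUTH line is only safe inside the TLS session the client has already negotiated.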