From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Thomas Fitzsimmons Newsgroups: gmane.emacs.devel Subject: Re: oauth2 support for Emacs email clients Date: Wed, 04 Aug 2021 19:29:27 -0400 Message-ID: References: <52589.36892.953561.24840@gargle.gargle.HOWL> <871r7aubp5.fsf@ucl.ac.uk> <87v94m1fkg.fsf@gnu.org> <871r78lt57.fsf@gmail.com> Mime-Version: 1.0 Content-Type: text/plain Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="12103"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux) Cc: emacs-devel@gnu.org To: Tim Cross Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Thu Aug 05 01:30:29 2021 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1mBQLF-0002ug-7T for ged-emacs-devel@m.gmane-mx.org; Thu, 05 Aug 2021 01:30:29 +0200 Original-Received: from localhost ([::1]:37246 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mBQLE-000399-6w for ged-emacs-devel@m.gmane-mx.org; Wed, 04 Aug 2021 19:30:28 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:53488) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mBQKK-0002Tz-Rd for emacs-devel@gnu.org; Wed, 04 Aug 2021 19:29:32 -0400 Original-Received: from mail-qk1-x734.google.com ([2607:f8b0:4864:20::734]:37502) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mBQKJ-0007Ip-0p for emacs-devel@gnu.org; Wed, 04 Aug 2021 19:29:32 -0400 Original-Received: by mail-qk1-x734.google.com with SMTP id 14so4510198qkc.4 for ; Wed, 04 Aug 2021 16:29:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fitzsim-org.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:references:date:in-reply-to:message-id :user-agent:mime-version; bh=juiDrWZfQoDgn6+bXbrT1MYn8ZVnEcaLLt0L2NUJzh8=; b=gd4yARaqPEykjS4RM7Llwvc8sltXHJymJ9VHePUg79FsjoAxpfkIh/suuBw6qACfco Vqd4lUGoILK5dIKnh7el8inXEQVnuE0/uVY866BxBmJKXdTgv7/VnAqtPjKIAvg5TAs9 VRkkKNPjqeobZWjR7cnHKdxnxqDRCZ4Kry5rUkshYbJ6la92wHk4NuXEHSKvtsK38oU1 jbqMuBNGrDl0+Jcm6eDQZvgW3N0rPx53pgNNaxQv5GHYhX8SEBueTRYMpBPdJQNGKI1Y 7UhvVTOHlVJ0a6FOYSvyVj/DOuATmcKfAfiwhvdpuDH0nyiwMuPQ8hMx+LHFaMQtNsGP GqbQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to :message-id:user-agent:mime-version; bh=juiDrWZfQoDgn6+bXbrT1MYn8ZVnEcaLLt0L2NUJzh8=; b=JmbB6tgEC2DsRRTmn7AmA3CAAbcn3aH20z8lzyAMTN19QI0wTckLslNZtFfhvrPmAj IfrBiKco70VGE1D0vm4RhdWY+qwQlWhEOpjAlK9iZHRpcQWZzoeqmGLf131izZXLKoG7 quDrzo7akb2aC8VrGa4yB550oI4UO8NZ8/KpojxrRs+XCA9hKqSTHT2LkuUXqBLotdlS NznrQH2vH0Awko5aKuvh6edsEYvJSyrKQulab0YZzIuoAgez1z80fj6aRwhX0FcE9o+c pRMfRajZPoW5aZdEuIvGR01fsr25d7AVTqRXpgVXwTK91XvfuMDIAD5DMVlz49F4DIb4 wSHg== X-Gm-Message-State: AOAM53050HamD2gNnIo+TrHKo4DICYlHPyoPI07QHhyghPy3CmpvQl+6 Uz54e0bB/4lfFOz/z81TaN0+OzNyGWj9jA== X-Google-Smtp-Source: ABdhPJxtFyheRbVvKhjn15thSnyRvoB399iCGzLqGXKyhB9btb10gBnyAr2/n/0hGFlVgqolY3aaLA== X-Received: by 2002:ae9:e886:: with SMTP id a128mr2026921qkg.218.1628119769598; Wed, 04 Aug 2021 16:29:29 -0700 (PDT) Original-Received: from localhost.localdomain (69-165-165-189.dsl.teksavvy.com. [69.165.165.189]) by smtp.gmail.com with ESMTPSA id b21sm1451948qte.38.2021.08.04.16.29.28 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 04 Aug 2021 16:29:29 -0700 (PDT) In-Reply-To: <871r78lt57.fsf@gmail.com> (Tim Cross's message of "Thu, 05 Aug 2021 08:45:25 +1000") Received-SPF: none client-ip=2607:f8b0:4864:20::734; envelope-from=fitzsim@fitzsim.org; helo=mail-qk1-x734.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.io gmane.emacs.devel:272067 Archived-At: Tim Cross writes: > Thomas Fitzsimmons writes: > >> IMAP and SMTP can use OAuth2 for authentication. But to properly >> support OAuth2 in Emacs, the FSF needs to talk to big email providers >> like Microsoft and Google and get Emacs registered as an OAuth2 >> application (like Thunderbird has done), or advocate for some better >> solution than embedding keys in the application binaries. This was >> discussed in bug 41386 [1]; I hope the FSF is working on it. > > but isn't this the issue - a 'registered' application is just one which > has a registered application id key, but the T&C for the major mail > providers does not allow that registered ID token to be public, which > means it cannot be put into Emacs source code. Only the FSF, as the copyright holder of Emacs, and with its legal expertise, is in a position to try to research and solve these issues and do what may be necessary (e.g., advocating for changes to terms and conditions that in practice prevent the use of Free Software email clients for these services, publishing safe usage guidelines if such advocacy fails, etc.). Thomas