ietf-822
[Top] [All Lists]

Re: [ietf-822] WSJ/gmail/ML, was a permission to...

2014-05-07 05:10:51
On Tue 06/May/2014 19:34:52 +0200 Brandon Long wrote:

OAUTH2 SASL is almost an RFC, but using it still has scaling issues
for clients, in that there is no discovery/registration protocol
yet.  Theoretically, once all that is accomplished and implemented,
trying to authorize smtp-msa from one account to another via the
web would be as simple as an ACL pop-up that you can agree to.

Clearly, that level of interop is a bit further away than we'd want
any solution to the DMARC issue.

Except that OAUTH can also be used to authorize ML subscriptions with
the participation of the subscriber's mail server.  Knowing the [user,
list] pair, the server can apply weak signatures or whatever other
solution we'll find for the DMARC issue.  Other advantages over COI
include:

* Define a folder to store list mail at subscription time, and

* a real list of subscriptions, instead of a time-distributed
  database of reminders.

Ale

-- 
http://fixforwarding.org/

_______________________________________________
ietf-822 mailing list
ietf-822(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-822