On 10/16/2013 10:23 AM, Stephen Kent wrote:
Stephen,
I realized that I forgot to reply to your message about MTI vs. MTU for
IMAP.
Even absent Ned's detailed note showing that most major e-mail providers already
mandate use of TLS for access, I would not see the Washington Post story as
evidence that we need to change IMAP (and POP?) to mandate _use_ of TLS.
Another concern might be that the OAuth 2.0 family of protocols, as used
on various social media, could be used to dump a "profile" for a user
(which might include contacts).
There's not a lot of uniform cross-provider interop yet (in, say, OpenID
Connect), but the per-provider extensions seem able to leak excessive
user information in some use cases.
(Based on what I've read; I haven't looked at the traffic myself.)
--
Albert Lunde [email protected]
[email protected] (address for personal mail)
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass