[Mailman-Developers] SUBMIT and OpenID, was Two more DMARC mitigations
Stephen J. Turnbull
stephen at xemacs.org
Tue Jun 17 04:28:11 CEST 2014
John Levine writes:
> After digging through a festival of acronyms, I ended up at RFC
> 6616.
Thank you!
> There are certainly OpenID libraries, but I don't know to what extent
> anyone has written the code to splice them into SASL.
Were we (on dmarc at ietf) talking all along about OpenID when we wrote
"OAuth"? They're different, although I don't know exactly how or why
(and neither RFC made obvious mention of the other :-( ).
I'm not sure who you know among the authors of that RFC, but I've
worked with Simon Josefsson, who would surely help if he has time, and
has done a lot of implementation. (I suspect Barry knows him too.)
Given that Simon is on the side of SASL/OpenID vs. OAuth, I suspect
that OpenID is the more practical of the two standards.
> I would propose doing the submission hack, explicitly noting that SASL
> has a variety of different ways to authenticate with different
> usability and security trade offs.
I think that's a good starting point for discussion. With a little
luck it could be quite close to eventual implementation, too. :-)
Steve
More information about the Mailman-Developers
mailing list