On 2025-01-09 at 22:01:08 UTC-0500 (Fri, 10 Jan 2025 04:01:08 +0100)
Ángel via mailop <[email protected]>
is rumored to have said:
> I do think that enforcing Application Specific Passwords is a good
> solution to the problem, and requiring no client-side changes,

Right. If you must store a password in a recoverable fashion, it should
have a very limited scope.

> unlike
> OAuth, where not many clients support it, and for those that do, many
> do so only for specific providers.

It is worth noting that OAuth really cannot be generally supported for
all providers in any client because each client program must be
authorized for each provider. Beyond the dance that a MUA has to
choreograph to do OAuth (i.e. use a web browser to obtain an auth token)
the process of getting a MUA registered with each major OAuth provider
can be quite onerous and may be infeasible for free software.
--
Bill Cole
[email protected] or [email protected]
(AKA @[email protected] and many *@billmail.scconsult.com
addresses)
Not Currently Available For Hire