emacs-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: oauth2 support for Emacs email clients


From: David Engster
Subject: Re: oauth2 support for Emacs email clients
Date: Wed, 11 Aug 2021 11:57:56 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux)

>   > > I haven't tried yet, but I suspect using Emacs in my organization would
>   > > be harder because, what GUID would I use?
>
>   > Well, you could just use Thunderbird's. It's all right here:
>
>   > 
> https://github.com/mozilla/releases-comm-central/blob/master/mailnews/base/src/OAuth2Providers.jsm
>
>   > You shouldn't though, because that could get you in trouble. While all
>   > this stuff is essentially security theatre, good luck explaining that to
>   > your IT security department...
>
> It's possible that you're right.  But, because your statement is takes
> a leap and doesn't describe the logical steps, it is hard to verify
> that.
>
> Would you like to help determine whether that approach is practical?
> And, if not, why not?
>
> For instance, why would the organization's IT security team care
> whether he runs Thunderbird, or runs Emacs and tells some company it is
> Thunderbird?

This is not a technical issue, this is just about company policies what
you are and are not allowed to do on your company laptop. Whether these
policies are only written down, or are also enforced through some
technical measure, is really not that important.

What I consider to be more important is that the Thunderbird developers
kindly ask to not copy their client ID/secret for other applications,
and we should respect that.

> How would it even notice that he's using Emacs rather than Thunderbird?

By looking over his shoulder, through a security audit of his laptop, or
he might simply tell...

-David



reply via email to

[Prev in Thread] Current Thread [Next in Thread]