Re: Has anyone looked at JMAP?

[Ken Hornstein]

>Oh, it's fairly easy for a user to create their own custom API key for their
>own instance of fetchmail.  What's *not* permitted is for a *project* to ship a
>tarball or whatever with a key usable by everybody who installs the package.

Well, we've been doing this for years with nmh!  And it sounds like
KMail does the same.  I'm not really sure HOW you're supposed to do it
for OSS projects otherwise.

And ... well ... to show how COMPLETELY dumb this is, the same authentication
scheme (OAauth2) is used for Microsoft exchange.  When testing out DavMail
for Exchange email access, my company refused to allow DavMail as an authorized
client.  So I simply changed DavMail to use the client identifier of
Microsoft Office ... which I found on docs.microsoft.com.

>Which of course is actually pretty reasonable - imagine the flamestorm if
>openssh shipped a public/private keypair that it installed on every
>machine.....

If you cound provide pointers on how to create your own custom API
key (there is confusion on how difficult it is), I'd be glad to add
that documentation to nmh.

--Ken