Hi,
I fixed most of that now, and will publish a new one.
Barry Leiba via Datatracker writes:
— Section 1 —
A few IMAP client maintainers have asked for ways to use features
that are available in JMAP without having to drop their expensively
tested IMAP code.
I think you want to say “extensively”, with a “t”, yes? (Though, of course,
the “p” version might be true also…)
I actually have the impression that expense is the issue.
— Section 7 —
However, in this case the client has already authenticated via IMAP.
By doing so the client already gained access to all of the same mail.
The authors believe that the debugging value of the response code far
outweighs its security concerns.
The reviewer agrees. That said, it would not be a bad thing to add something
like this:
ADD
Server implementations must take care to consider this and not to reveal more
detail about authentication failures than necessary for this purpose.
Uhn, this only applies to authentication successes.
I thought about it a little and changed the third example a bit:
S: 3 OK [DEBUGGING "JMAP is configured to accept only OAUTH"] done
Arnt
--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call