-----Original Message----- From: Arnt Gulbrandsen <arnt@xxxxxxxxxxxxxxxxxxx> Sent: October 19, 2023 10:05 AM To: Daniel Migault via Datatracker <noreply@xxxxxxxx> Cc: secdir@xxxxxxxx; draft-ietf-extra-jmapaccess.all@xxxxxxxx; extra@xxxxxxxx; last-call@xxxxxxxx; Daniel Migault <daniel.migault@xxxxxxxxxxxx> Subject: Re: [Extra] Secdir last call review of draft-ietf-extra-jmapaccess-04 Arnt Gulbrandsen writes: > The two each do their own authentication. What JMAPACCESS says is that > based on the IMAP authentication performed by the client, it's clear > that if the client has JMAP client capability, then it's also able > authenticate via JMAP and will in that case have access to the same > mail and mailboxes. Maybe I should extend one of the examples to include JMAP authentication... <mglt> Or simply say that the client authenticates itself to the JMAP server - just to make it clear it cannot access JMAP based on the authentication performed on the IMAP server. </mglt> Arnt -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
