From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 33C571384B4 for ; Thu, 10 Dec 2015 07:31:41 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 484D521C060; Thu, 10 Dec 2015 07:31:27 +0000 (UTC) Received: from mail-wm0-f44.google.com (mail-wm0-f44.google.com [74.125.82.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 2D8BF21C019 for ; Thu, 10 Dec 2015 07:31:26 +0000 (UTC) Received: by wmec201 with SMTP id c201so12276985wme.1 for ; Wed, 09 Dec 2015 23:31:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:reply-to:to:subject:date:user-agent:references:in-reply-to :mime-version:content-type:content-transfer-encoding:message-id; bh=TbHaiGF0jIEpgLsm2NG2/N1Ob2rNBBGVu0F/zDNWXwY=; b=I17pAQKOF7emwNj9de1y5MdlxtEzz998YKXPiuYe6H2bdK5WfBy9pfMiqEf/8MdUmS z8g+dASxVWz2heow5nUFr/qYoy2CzP86CHM5RcHjkLC90GxGBEF1AKGhz7VjfaHRMQTf F9SAzuS9YeDdV9OFiw5euXqdS4Bz1o5t9mNKNzKwRxS0gH+022JnCnGcuokrdT/ymZJK BPmJ/W+UPbXac5bFLSdXNO5KYvAV8KZIYG1B6fHcMwehyiSMgDwh9ZT1dhh16eQzvFKq 7j57z26SbrgbmBMN6mLnJVHMllRJKrYHMV1BgEC6MQwd4oDtNlPpJ4vdUZBu47mpNeFN kmiA== X-Received: by 10.28.54.165 with SMTP id y37mr17334053wmh.55.1449732685036; Wed, 09 Dec 2015 23:31:25 -0800 (PST) Received: from dell_xps.localnet (230.3.169.217.in-addr.arpa. [217.169.3.230]) by smtp.gmail.com with ESMTPSA id w141sm29361041wmw.24.2015.12.09.23.31.23 for (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 09 Dec 2015 23:31:23 -0800 (PST) From: Mick To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Re: gentoo-user@lists.gentoo.org Date: Thu, 10 Dec 2015 07:31:11 +0000 User-Agent: KMail/1.13.7 (Linux/4.1.12-gentoo; KDE/4.14.8; x86_64; ; ) References: <566437B3.8020101@gmail.com> <20151209160809.344c7cab@a6> <56692101.1050005@gmail.com> In-Reply-To: <56692101.1050005@gmail.com> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart3407046.q5GrFdSzaB"; protocol="application/pgp-signature"; micalg=pgp-sha256 Content-Transfer-Encoding: 7bit Message-Id: <201512100731.24910.michaelkintzios@gmail.com> X-Archives-Salt: 2cd45042-4172-4e8e-ab8a-f9fe61afeb5e X-Archives-Hash: b93a8f8a59185c004a508be4012e5d57 --nextPart3407046.q5GrFdSzaB Content-Type: Text/Plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable On Thursday 10 Dec 2015 06:51:45 Alan McKinnon wrote: > On 10/12/2015 02:08, walt wrote: > > On Tue, 8 Dec 2015 19:00:20 +0200 > >=20 > > Alan McKinnon wrote: > >> Allow me to translate the Google-speak: > >>=20 > >> "less secure mail app" really means "a really shitty auth method that > >> isn't our (Google's) auth method". So click the (rather well-hidden) > >> button in Gmail's interface and go back to the really shitty auth > >> method we all used just fine for 10+ years already. > >=20 > > Sounds like it's still grumpy Scotsman day. > >=20 > > This is a test email to discover if you really have a gmail account, > > and, if so, how often you check it for new email. > >=20 > > I'll be happy to explain the origin of "grumpy Scotsman" if this test > > succeeds. >=20 > Hello walt, >=20 > Yes it's me and this is a valid account, it's in constant use. OK, this must be a good 2FA then? ;-) Walt's test worked for me too. I wouldn't say that the old auth method is sh*tty as Alan asserts, but Goog= le=20 in their wisdom wanted to deal with all sort of new apps authenticating wit= h=20 user credentials into their mail servers, without revealing to intermediari= es=20 (e.g. ISPs, hackers, app server admins) the Google user credentials. They= =20 could have done this by adding CRAM, SCRAM, et al. in their POP3/IMAP4/SMTP= =20 authentication, rather than keeping AUTH=3DPLAIN, but instead they chose to= =20 follow MSoft's embrace-extend-extinguish strategy by creating their own=20 tokenising standard over https. In other words, using time honoured mail=20 client protocols alone is not good enough for Google and you have to use a= =20 browser as well. Of course, we all know how secure browsers are. The world is changing from classic mail clients and protocols to mobile app= s,=20 mobile apps running on (proxy) servers in foreign countries and an awful lo= t=20 of bad code, which can be exploited. There may be cleverer ways to resolve= =20 this problem, while still adhering to mail protocols, but Google has decide= d=20 to move us all to a protocol (http) where they reign supreme. =2D-=20 Regards, Mick --nextPart3407046.q5GrFdSzaB Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAABCAAGBQJWaSpMAAoJELAdA+zwE4YevK4H/24lDSddgxIpo/SP74xe14GO iI9nZs7PPE0XZxtBxTqW+0Z+UTAv9G5VT6duV9LWIUXsDYXSYy4DCGeCBzR07c5I mLCRVf6mAGRFBy4getvrCStbQkdibRclBajf0LxycX5tleeFsQ9X0jWsZXCZIMQH UEAE8O1niCP3UCbI9Aomm2kBP3KmdJb1f2+LuUXz4D6fBteDpbYJOM2kdB12I9s4 NGOo0NCZE+VrfWIifGVQpID5oJpvwKnD1/WVCLwHyA1DkRM/u3gP6s548hdmuXJh kWJdxtlMVXx6GbcO2tzZFW/a8lWjIZJlJJL+b2dbgkaX7gTurfVtCtcMKYPCfzY= =CUqT -----END PGP SIGNATURE----- --nextPart3407046.q5GrFdSzaB--