On Tue, Aug 25, 2020 at 05:56:41PM +0200, Steffen Nurpmeso wrote:
> Twenty years ago i was an angry young man because the new German
> passports did not include S/MIME++ certificates and PGP keys,
> signed by the German government. In the meantime the
> "Bundesdruckerei" (which has become more or less private until
> then, what a mess, in my opinion) actually acts as a certificate
> authority.

TL;DR, OAUTH is a complex mess. Its main effect is to discourage use of
your own mail client, so you use WebMail, or some "app" on a mobile
device. Its security is worse than passwords, especially for users who
know how to manage passwords. But perhaps for sufficiently clueless users
the password is less likely to be sent insecurely or to the wrong party.
It is shoddy tech, optimised for the unwashed masses.

> |as long as their certificate contains an email address that matches
> |smtpd_sender_login_maps?
>
> Oh, sorry, i am not an administrator. I have read the postfix
> documentation once in 2015, to setup my server VM. Until then
> only externally managed accounts. And the server does not support
> any login mechanism at all, the message enters the postfix there
> via ssh and sendmail. That is enough for me. (It even drives
> mailing lists, but that via aliases.)

You have still not answered Wietse's question. If you were to do
"EXTERNAL" auth, what determines whether a user presented a valid
credential, and what part of the certificate determines the associated
login name? Who is authorised to assert such login names? You need to
be careful to not inadvertently authorise every CA on the planet to
assert login credentials on your server. Avoiding this takes some care.

As I said before, instead of sending patches, if you want to see new
functionality in Postfix, please post a clear set of written requirements
and a proposed design (if you want to propose one).

-- 
Viktor.
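The design question raised above (which part of a client certificate names the login, and which issuers are allowed to assert it) can be made concrete with a small model. The following is an added example, not code from Postfix or from anyone in this thread: the `ClientCert` view, the issuer fingerprints and the address-to-login table are all constructed for illustration, and the table stands in for an `smtpd_sender_login_maps` style lookup. It contrasts a mapping that trusts every CA the TLS stack accepted with one that only honours login assertions from an explicitly authorised issuer.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class ClientCert:
    """Minimal view of an already TLS-verified client certificate.

    Constructed for this example; a real server would derive these
    fields from the certificate its TLS library verified.
    """
    issuer_fingerprint: str                 # hex SHA-256 of the issuing CA cert (constructed)
    subject_cn: str                         # subject CN, deliberately NOT used for login
    san_emails: list = field(default_factory=list)  # rfc822Name entries from subjectAltName


# Constructed: fingerprint of the one CA this site allows to assert logins.
LOGIN_ISSUERS = {"aa11" * 16}

# Constructed analogue of an smtpd_sender_login_maps table:
# address -> login name that owns it.
SENDER_LOGIN_MAP = {
    "alice@example.org": "alice",
    "bob@example.org": "bob",
}


def login_naive(cert: ClientCert, login_map: dict) -> Optional[str]:
    """Maps SAN e-mail to login without checking who issued the cert.

    Any CA the TLS stack trusts (e.g. every public CA in the system
    store) can mint a certificate carrying alice@example.org, so this
    effectively lets every such CA assert Alice's login.
    """
    for addr in cert.san_emails:
        login = login_map.get(addr.lower())
        if login is not None:
            return login
    return None


def login_pinned(cert: ClientCert, login_map: dict,
                 login_issuers: set) -> Optional[str]:
    """Same mapping, but only an authorised issuer may assert a login.

    Issuer pinning is done first; only then is the rfc822Name SAN
    looked up.  The subject CN is ignored because it is free text
    and not an address the login map can vouch for.
    """
    if cert.issuer_fingerprint.lower() not in login_issuers:
        return None
    for addr in cert.san_emails:
        login = login_map.get(addr.lower())
        if login is not None:
            return login
    return None


if __name__ == "__main__":
    # Constructed certificates: one from the site CA, one from some other CA
    # that also happens to carry Alice's address.
    site_cert = ClientCert("aa11" * 16, "Alice Example", ["alice@example.org"])
    other_ca_cert = ClientCert("bb22" * 16, "Alice Example", ["alice@example.org"])
    print("naive, site CA :", login_naive(site_cert, SENDER_LOGIN_MAP))
    print("naive, other CA:", login_naive(other_ca_cert, SENDER_LOGIN_MAP))
    print("pinned, site CA :", login_pinned(site_cert, SENDER_LOGIN_MAP, LOGIN_ISSUERS))
    print("pinned, other CA:", login_pinned(other_ca_cert, SENDER_LOGIN_MAP, LOGIN_ISSUERS))
```

The point the model makes is that "the certificate verified" and "this certificate may log in as X" are separate decisions: the second needs its own list of issuers, separate from the general trust store, plus a map from a specific certificate field (here the rfc822Name SAN) to a login name, which is exactly the set of requirements the reply asks to see written down.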