Google and OAuth 2.0

Gervase Markham gerv at
Mon Apr 28 14:58:54 UTC 2014

On 26/04/14 00:27, Ben Bucksch wrote:
> I think we should actively oppose this, because this is the start of the
> end of pure email protocols.

I think that an opposition to this change, for IMAP or more generally,
needs to be led by someone with a good understanding of how it works now
- which is not me.

But the sort of questions I would want to find answers to are:

* What does Google hope to gain by making this change? Is it an
anti-spam/anti-fraud measure?

* Can the additional data about logins that Google hopes to obtain be
obtained in other ways for IMAP?

* Why can't single-service passwords continue to be used instead?

* Do they understand the ramifications of the idea that clients of all
these protocols will need to contain a browser? (Is that actually so?)

* Are there any ramifications on open source software in particular?
(Seems from the discussion that the answer is actually no, but we need
to be sure.)

* Who are the other desktop email software providers, and what are their


More information about the tb-planning mailing list