At 9:38 AM -0700 6/22/09, John R. Levine wrote:
The bootstrap question is addressed by requiring the end-user to know their e-mail address and password. Based on the domain name, the implementation would reach out to https://something.domain-name.tld and download the relevant "schema" and data for IMAP, SMTP, POP3, etc, in ordered priority. Based on what the e-mail client could support, the desired settings would be displayed, and upon end-user approval, applied.
End-user approval? That means support calls, ISPs wouldn't like that.
I can believe something like this could be made to work, but I would think hard about all the way that web sessions can get screwed up or hijacked before I persuaded myself that a scheme was likely to work where it needed to work (e.g., when connecting to a hotspot that hijacks all web sessions until you log in) while not being subject to hostile spoofing.
Followups definitely to IETF-something.
I would suggest following up at discuss@apps.ietf.org; the folks there can point you to things like RFC 2244 (ACAP, the Application Configuration Access Protocol), describe why that got turned in XCAP by the RAI area (RFC 4825, primarily used in SIP contexts but designed to be multi-use), and caution you that the many hours spent designing these things have not generally born fruit in the marketplace. Is this possible for email? Sure. With strong support from a vendor with a tied house model (e.g. RIM or Apple), it might even get to be popular. But as a general purpose approach, it has not hit that sweet spot. regards, Ted Hardie
R's, John