From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from resqmta-ch2-12v.sys.comcast.net (resqmta-ch2-12v.sys.comcast.net [IPv6:2001:558:fe21:29:69:252:207:44]) by hurricane.the-brannons.com (Postfix) with ESMTPS id 274F6783A1 for ; Sat, 21 Jul 2018 02:44:49 -0700 (PDT) Received: from resomta-ch2-08v.sys.comcast.net ([69.252.207.104]) by resqmta-ch2-12v.sys.comcast.net with ESMTP id goRGfdcBJ6OTpgoRTfzX6b; Sat, 21 Jul 2018 09:44:47 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20161114; t=1532166287; bh=+FZrEkMVbjNq1ndwpbl6Iens2n9nbq7Sq4eGjuG6NUE=; h=Received:Received:To:From:Reply-to:Subject:Date:Message-ID: Mime-Version:Content-Type; b=fTLNCYrhFcpZf19QRrC2WicZA8dg/96epz1Vg07h35mBjZKEAxO9sur6kjhVahPD5 BYp9SddhX6N1ZsHYa7FHgfOdP7aVq8Y/HHhTDYPlTn3xCnQxh0E8T/8PBROhQTjR39 xLtFMbvU7nxgjqateys+EVGheNj3w/iTMV0ipuTS9TnopP14YXq+HSDNKhGn426tBm DehEIbEDCuhyDN53S6I/xV2RfVmamK117BFwe8IVpappq9AwD1XyoFMuVC6VGxhliU iMuqEgSEMlwUrqq9LbeaDyBePTcreBu0c5Io3BswX8N/Xb7vuNJwHiMJImcAWMM165 7jhVzhqNbN1+g== Received: from unknown ([IPv6:2601:408:c300:8f09:21e:4fff:fec2:a0f1]) by resomta-ch2-08v.sys.comcast.net with ESMTPA id goRSfs0CSIGvVgoRSfXVNo; Sat, 21 Jul 2018 09:44:47 +0000 To:edbrowse-dev@edbrowse.org From: Karl Dahlke Reply-to: Karl Dahlke User-Agent: edbrowse/3.7.4 Subject: [edbrowse-dev] two factor, per device Date: Sat, 21 Jul 2018 05:44:46 -0400 Message-ID: <20180621054446.eklhad@comcast.net> X-BeenThere: edbrowse-dev@edbrowse.org List-Id: Edbrowse Development List Mime-Version: 1.0 Content-Type: multipart/mixed; boundary=nextpart-eb-915843 Content-Transfer-Encoding: 7bit X-CMAE-Envelope: MS4wfE1DqlMrwF2JZ9tU6n4muSIM2wk6mJfdCWXSufIyMlo1wXdclCGqv6m4HYpybF/PwIcmOK0cP3wU3EBloEl/D4v0tFPsaOI6KFIA9kom/dRxQDGfdzf0 xdpf5CfmRj6P0wcXUcSfjFHoHbNPkSo1qGhLbVn6G6SAUUx7BTJ1TRC5pFED6zPUFy3cMkaz5btFHWQvechiK19ln+Sq9R4tvVBEgrNajsYefT1ah55L+DlX This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. --nextpart-eb-915843 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable I'm sorry but I still don't understand it. Maybe I am a little dense. You get an imap password, somehow, and you claim it is per device? How = is that possible? I've seen the pop3 and imap protocols at the lowest levels. Hell I implemented them, before curl. There is no field for "here's the device I'm on". There's a log in and a password, that's it! In theory the server could glom onto your ip address, but that is not = an indicator of your device; it is where you are, which public wifi etc. There are no cookies, nothing else that would indicate device. So again, it seems to me it's just another password, that you use for = imap, and a) I don't see that it adds much security, maybe a little, and b) I definitely don't understand how it can be per device or per = application. If password foobar gets you in to imap from mutt on your phone, it will = get you in on edbrowse on your desktop. Karl Dahlke --nextpart-eb-915843--