Re: The problem we could solve (re github etc.)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed 09/Jun/2021 23:48:30 +0200 Phillip Hallam-Baker wrote:

On Wed, Jun 9, 2021 at 5:22 PM John C Klensin <john-ietf@xxxxxxx> wrote:


And I have a question: What does this rather long thread actually have to
do with the IETF other than demonstrating that it would be dumb for our
discussions to depend on a providers who intended to support those
discussions by selling subscriptions and/or tracking user behavior and/or
comments? >
The reason I tried to bring it back to stuff that is in IETF scope was because I see all of these issues as being aspects of the same broken 
approach to Internet accounts.
There's a field in my Datatracker account linking to my GitHub account. GitHub has a field for linking Twitter accounts but not IETF ones. In practice, I sent the account name to the WG chair via an unsigned email message. Is that vulnerable to social engineering attacks?
Traditionally, we view an Internet account as being a thing that it LENT by the service provider to the user. And the design of DNS reflects this in 
that DNS is a naming system for hosts and services, it is not a naming
system for people. It is ludicrously expensive for a start, $10/yr for a DNS
name is not actually an unreasonable charge for running DNS authoritative
services but it is an absurd amount for a user name. When WhatsApp was a
paid service, it was $1/yr. So $10/yr for the user name is ridiculous.
One could find names at less that 1$, but then shouldn't expect to deliver much of the mail sent from such domains. The price we pay is for globalness and some kind of moderation.
By design, the DNS lets us fake whatever authority we fancy, perhaps using RFC 2606 names if we care about possible future overlaps. Or use .onion. 



For me, usernames and authentication are something that should intrinsically
belong to the user and be theirs for life.
Agreed. We can hardcode our credentials and upload them to NodeMCU with Arduino. The difficulty is sharing resources with (some) other people or devices without necessarily getting at a global visibility level. 


Best
Ale
--
[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux