--On Thursday, March 31, 2022 00:57 +0200 Robert Raszuk <robert@xxxxxxxxxx> wrote: > Hi, > > We are observing more and more bogus RFC Errata submissions > which makes no sense technically. > > Some of them look like phishing attempts to get valid email > addresses of those kind enough to respond to the author. > > Perhaps its time to require IETF login authentication before > submitting RFC errata ? Interestingly the email addresses of > folks reporting it are also never seen on any IETF WG list so > that could also be a perhaps valid auto check. I suggested this (after getting tangled up in one of those submissions) some days ago. To summarize John Levine's response and our discussion in the hope of saving time: * An effort is in progress to get a CAPCHA into the submission process. * If changes such as requiring an IETF login (as both you and I proposed) are desired, they probably have to await complete rebuilding of the RPC's tool set for which there is now an RFP in progress. * The RPC does try to remove these bogus submissions down after a few days so they don't clutter the permanent errata record. That suggests to me that waiting several days before responding to an errata report might represent good judgment and some protection against attacks (if they actually are attacks). best, john
