Re: RFC Errata junk

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




--On Thursday, March 31, 2022 00:57 +0200 Robert Raszuk
<robert@xxxxxxxxxx> wrote:

> Hi,
> 
> We are observing more and more bogus RFC Errata submissions
> which makes no sense technically.
> 
> Some of them look like phishing attempts to get valid email
> addresses of those kind enough to respond to the author.
> 
> Perhaps its time to require IETF login authentication before
> submitting RFC errata ? Interestingly the email addresses of
> folks reporting it are also never seen on any IETF WG list so
> that could also be a perhaps valid auto check.

I suggested this (after getting tangled up in one of those
submissions) some days ago.  To summarize John Levine's response
and our discussion in the hope of saving time:

* An effort is in progress to get a CAPCHA into the submission
process.

* If changes such as requiring an IETF login (as both you and I
proposed) are desired, they probably have to await complete
rebuilding of the RPC's tool set for which there is now an RFP
in progress.

* The RPC does try to remove these bogus submissions down after
a few days so they don't clutter the permanent errata record.
That suggests to me that waiting several days before responding
to an errata report might represent good judgment and some
protection against attacks (if they actually are attacks).

 best,
   john 




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux