Jay, thanks for responding. Inline below.

--On Wednesday, June 5, 2024 09:16 +0100 Jay Daley <exec-director@xxxxxxxx> wrote:

> Hi John
>
>> On 5 Jun 2024, at 03:53, John C Klensin <john@xxxxxxx> wrote:
>>
>> Robert,
>>
>> A related question. Is it safe to use the same email address and
>> password for Postorius as for the datatracker?
>
> It is never safe to use the same credentials for different systems.
> While everyone involved in tools development aims to maintain
> secure systems, and external security auditors are used, nobody can
> guarantee the security of any system.

Indeed, and I'm tempted to say "obviously". Perhaps it would have been clearer and better for me to ask "is the mailman3/Postorius environment fully under IETF control or has it been at least partially outsourced to other parties?" Apparently the answer is the latter, in which case sharing passwords is clearly a bad idea. In the near term, this suggests that the messages to people about establishing new accounts should be clear about this too. If, as suggested below, the need for those separate accounts is temporary, that should be clear too (and that many of these problems may be just communications failures).

I'll leave any discussion on whether it is a good idea for the IETF to put information about its mailing lists and who is on which ones -- information that, with most systems, can be more easily compromised than passwords and other login credentials -- into the hands of a third party for others at another time. Similarly, the question of whether Mailman3 should have been deployed before those additional changes were ready is, as I'm sure you will agree, best left for another time and probably (see below) another list.

>> For those of us who
>> prefer to use relatively complex passwords and different passwords
>> for different sites/organizations, and who use password managers to
>> make that tolerable, managing different passwords for more or less
>> the same domain is feasible, but not a lot of fun.
>
> The use of password managers is good security practice and strongly
> recommended. For info, this is required of all LLC staff and
> Secretariat for IETF systems access.

Good. We are in agreement about that.

>> I assume that
>> setting up Mailman3 to allow access to management/ownership
>> functions via the datatracker was considered but not feasible.
>
> (The discussion about this was some time ago)
>
> The plan is for IETF participants to manage their mailing list
> subscriptions directly within Datatracker using custom forms that
> we develop that provide significantly more functionality than the
> default MM3 screens. In particular, these will actively support the
> complexity of needing to be subscribed to such a large number of
> lists to effectively participate in the IETF.
>
> See the following concept visualisation for more details:
>
> https://www.ietf.org/media/documents/Mail_Subscription_Mockup_2021-10-12.pdf
>
> Any discussions about this are best on tools-discuss.

Three observations, at least the first two of which probably belong here.

First, and most generally, I have noticed that there is a tendency to confuse discussions (and even conclusions) on tools-discuss with discussions and conclusions with the community and about which the community is fully informed. Having those discussions on a separate list makes it far easier for much of the community to follow this list (although I gather that the number who do so is going down), but there is no way to be sure that all members of the community who are interested, much less all of those who might be affected, are actively following that other list and have consented to whatever is discussed there.

Even being on the tools-discuss list doesn't mean much about community consensus: as an example that I doubt is unique to me, I do try to follow that list, but my reading of messages tends to be intermittent. How carefully I can follow the list is a function of other commitments, including IETF commitments, and it simply cannot be of highest priority to me if I'm to get work that I believe is more important done.

Second, we've got a well-established mechanism for handling work in specialized WGs, which is to put their conclusions (ideally with a discussion of pros, cons, and tradeoffs if answers did not seem completely clear within the group) into a public Last Call process. Perhaps conclusions on tools-discuss that might have broad community impact should be subjected to the same process, with discussion of context, pros, and cons as a requirement.

Third, I may be misinterpreting that picture, but I see a few things on it that set off alarms, especially if the IETF expects its work and processes to be taken as a good example for the community (I suppose that would be "not just eat our own dogfood, but hope others will follow a similar diet"). If we drop that expectation, we, at least IMO, reduce the credibility of our standards, something that is problematic in a voluntary adoption environment. I'll try to find time to raise those alarming issues on tools-discuss as you suggest.

best,
john