Re: Call for review of proposed IESG Statement on Examples

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi John,

Thanks for the comments. Please see inline.

John C Klensin skrev:
> A brief comment on this... I may have more to say later on...
> 
> --On Thursday, 18 September, 2008 10:07 -0700 The IESG
> <iesg@xxxxxxxx> wrote:
> 
>> The IESG has received the attached text for a proposed IESG
>> Statement: IESG Statement on the Usage of Assignable
>> Codepoints in Specification Examples
>> ... 
>>
>> = = = = = = Text of Proposed IESG Statement = = = = = = =
>> ...
> 
>> 1) Spam: apparently valid email addresses in an RFC are widely
>> believed to have been harvested and included in Spam lists.
>> The domain may receive spam at mailboxes other than the one
>> used in the example email address, if the domain name is used
>> in common name or brute force attacks.
> 
> Please note that a careful reading of this paragraph would
> either ban or discourage the appearance of author email
> addresses in RFCs.  Yet such addresses have been a firm
> requirement for many years (if I recall, since before there was
> an IETF).  Questions:
> 
> 	(i) Does the IESG intend to change the requirement for
> 	email addresses?

No, that has not been the intention. I also don't think the statement 
say anything that explicitly changes that.

> 	
> 	(ii) Does the IESG believe that the appearance of a
> 	domain name in an email address in an example is somehow
> 	more harmful or likely to draw the attention of spammers
> 	than one in an "Author's Address" section?   If not,
> 	could you explain your reasoning?

No, I don't think there is a difference from a spam perspective. From my 
point of view it is quite clear that the moment I stuck my email address 
in a internet draft I started receiving spam volumes several magnitudes 
larger than before. So as an author using your own address in an example 
may not make much difference from a spam perspective. However, it make 
more difference for other reasons, like if it is a test script you are 
putting in your email address in. If you are putting someone else email 
address into your document you may increase there volume of spam.

> 	
> 	(iii) Does the IESG intend to pursue the idea, discussed
> 	many times, of creating a reserved mail domain and
> 	assigning all RFC authors mailboxes or aliases in it?

We haven't discussed this at all at this point in time. I don't see how 
applicable this is to the general intention of the IESG statement to 
cover all type of codepoints, including domain names, email addresses, 
and media types. So if we want to continue any discussion on this topic, 
can we please that that in a separate thread.

> 
> I note with interest that this statement does not appear to
> apply (or at least does not appear to offer justification for
> applying) these rules to domain names that do not appear in
> email addresses (or in configuration files, etc.).  

The statement intendeds to provide examples why using real domain names 
or other types of code points can be harmful. Reasons will vary with 
protocol and the type of "codepoint". And there will be cases where 
there will be no impact, maybe other than us being a little rude and 
using someone else domain name. Which I think is a good enough reason 
unless there some real counter reason while this particular name is so 
good for the example and can't be illustrated with another. And as the 
statement says, in those cases, please ask the owner before going ahead.

I note with
> even more interest that reservation of "codepoints" for example
> or other documentation purposes would violate existing IESG
> statements and rules about conservation of scarce resources
> (where scarcity is an issue) or would require negotiation with
> other bodies.  
> 

Which IESG statements are you referring to? I can't find any on that 
topic, but I may be missing one.

There clearly are tradeoffs between assigning code-points and the 
possible scarcity or unavailability of them. Then one simple have to use 
another option of ensuring that this usage has minimal impact. Including 
using assigned values with the owners approval. It also include the 
consideration of the impact.

Maybe there are some text clarification that could help make this 
clearer. Adding something to the following bullet ", unless prevented by 
scarcity or other registration considerations."

  - The specification itself can request further values or codepoints to
    be assigned.

I do like to point out that the goal with the statement is to have 
people think about these issues. Be aware that IESG will consider them 
and may object to certain usages unless reasonably motivated.

Cheers

Magnus Westerlund

IETF Transport Area Director & TSVWG Chair
----------------------------------------------------------------------
Multimedia Technologies, Ericsson Research EAB/TVM
----------------------------------------------------------------------
Ericsson AB                | Phone +46 8 4048287
Färögatan 6                | Fax   +46 8 7575550
S-164 80 Stockholm, Sweden | mailto: magnus.westerlund@xxxxxxxxxxxx
----------------------------------------------------------------------
_______________________________________________

Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]