Re: author's address (was: Re: Fwd: [OPS-DIR] OPS-DIR Reviewofdraft-yevstifeyev-tn3270-uri-12)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Jan 14, 2011, at 7:45 AM, Phillip Hallam-Baker wrote:

> I believe that my personal security trumps any and all considerations that might be raised here.
> 
> I do not give my home address out and do not intend to change. If the RFC editor were to insist that the fields are filled they are going to get a fake address.
> 
> 

They should not insist on anything of the sort. 

> Corporate addresses are even less useful. Very few people in the IETF have the same employer for more than five years. And even those who have the same employer are unlikely to have the same office building very long.
> 
> 
> On Fri, Jan 14, 2011 at 4:11 AM, t.petch <daedulus@xxxxxxxxxxxxx> wrote:
> ----- Original Message -----
> From: "Doug Ewell" <doug@xxxxxxxxxxx>
> To: "The IETF" <ietf@xxxxxxxx>
> Sent: Friday, January 14, 2011 6:56 AM
> Subject: Re: author's address (was: Re: Fwd: [OPS-DIR] OPS-DIR
> Reviewofdraft-yevstifeyev-tn3270-uri-12)
> 
> 
> > Peter Saint-Andre wrote:
> >
> > > For what it's worth, Section 10 of the informational RFC 2223
> > > ("Instructions to RFC Authors") states:
> > >
> > > Each RFC must have at the very end a section giving the author's
> > > address, including the name and postal address, the telephone number,
> > > (optional: a FAX number) and the Internet email address.
> >
> > The Internet is not the type of chummy small-town environment where we
> > can trust just anybody with our home address and phone number, or our
> > bank account and credit card numbers, and where we can leave our front
> > doors unlocked at night.
> 
> As Joel pointed out, the Last Call issue is the contact details for change
> control
> in the registration of a widely used URI with IANA, details which consist
> solely of a gmail address.  Is that enough to grant change control of this
> URI (in which a number of people from a number of organisations have
> expressed an ongoing interest)?
> 

What, exactly, is the issue here ? How IANA authenticates someone with change control over some resource ?
That, clearly, is a lot bigger than just this RFC. I would assume (and feel sure) that IANA is not just blindly going by
email address, but by their judgement. I am also not sure what having an address will do to help with this. I doubt IANA
will be sending inspectors to people's houses asking to see ID.

If there seems to be of particular risk of such attacks for this URI, I would suggest adding 
text in the security section (or the IANA considerations).

If impersonation attacks seem like a real threat in general, then someone who feels that way 
should write a draft specifying how IANA should authenticate people.

Regards
Marshall

> RFC4395 appears to be silent.
> 
> Tom Petch
> 
> > I worked on two I-Ds in a WG where participant A once responded to
> > participant B's support of an RFC 3683 P-R action against A by
> > contacting B's employer, gleaned from his e-mail address, demanding that
> > the employer take professional action against B.  In this type of
> > hostile environment, I declined to state my employer's name or post to
> > the WG list from my work address, much less divulge other personal
> > information, and edited both RFC 4645 and 5646 as "Consultant."
> >
> > The argument that personal information is necessary to distinguish the
> > author from other people with the same name probably carries some weight
> > for authors named "John Smith" or "Bob Miller."  There are few enough
> > people named "Doug Ewell" in the world that the risk of ambiguity of
> > authorship seems much more remote than the risk to personal security if
> > too much personal information is provided.  I suspect the same is true
> > for people named "Mykyta Yevstifeyev."
> >
> > Having said that, I don't think there is any precedent for I-D authors
> > or editors to claim their document was written by "IETF" or "IESG," and
> > I doubt this will be permitted.
> >
> > --
> > Doug Ewell | Thornton, Colorado, USA | http://www.ewellic.org
> > RFC 5645, 4645, UTN #14 | ietf-languages @ is dot gd slash 2kf0s 
> >
> > _______________________________________________
> > Ietf mailing list
> > Ietf@xxxxxxxx
> > https://www.ietf.org/mailman/listinfo/ietf
> >
> 
> _______________________________________________
> Ietf mailing list
> Ietf@xxxxxxxx
> https://www.ietf.org/mailman/listinfo/ietf
> 
> 
> 
> -- 
> Website: http://hallambaker.com/
> 
> _______________________________________________
> Ietf mailing list
> Ietf@xxxxxxxx
> https://www.ietf.org/mailman/listinfo/ietf

_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]