--On Sunday, May 31, 2015 09:17 -0800 Melinda Shore
<melinda.shore@xxxxxxxxx> wrote:
> On 5/31/15 9:04 AM, John Levine wrote:
>> We do automatically notify authors when new drafts are
>> posted, which should usually alert surprised authors to the
>> problem.
>
> It's probably worth noting that alerting people suffers from
> one of the same weaknesses as requiring approval from all
> authors, which is that it's easy to create throwaway or
> spoofed email addresses. That said, I think this is the best
> approach. If it eventually turn out that bogus email
> addresses are being used to work around the notifications,
> that can be dealt with. But for the time being notification
> can at least allows someone to object if they receive a notice
> that a draft has been published with their name on it.
Yes. Listing someone as an author who didn't want to be so
listed could conceivably be a misunderstanding rather than a
malicious act. It may be reasonable to treat it as such (as the
draft statement and default "tombstone" remedy, IMO, essentially
does).
While we've never discussed what to do about the more extreme
cases and I hope we never have to, at the point that someone
starts creating bogus email addresses or otherwise does things
whose only purpose could be to frustrate notification
mechanisms, it will usually be quite clear that deliberately
deceitful behavior was intended. Should such practices occur
often enough to be of concern, the IETF would be justified in
treating the behavior more harshly than "merely" taking a
document down. For example, it might be in order to modify RFC
3683 to deny I-D posting rights or otherwise remove a person
from the IETF whose behavior was a threat to the community.
But, again, I hope we never have to reach the point where that
discussion is necessary.
john