Hi John, On 2018-09-26 16:35, John C Klensin wrote: > Henrik, > > Two observations, the first in the "in case we ever need to do > something like this again" category. > > First, I'm glad it is possible to do this by logging into one's > account. Giving phishing concerns, it would be good to include > an explicit instruction in the note that, as an alternative to > clicking links in an email message, one can do that. Perhaps > not a big deal and almost certainly not worth going back and > trying to re-doing things at this point, but worth keeping in > mind as good practice. Good point. We'll be repeating the consent request to people who have not given it before the deadline; in order to do better next time I've added this at the end of the email template: In case you prefer to not follow any email links, due to phishing considerations, please just go to the datatracker and use the menu entries to log in or check the help pages The links above are provided for your convenience, but it works just as well to go the datracker manually and do what's needed. (Thoughts on the wording are welcome.) > Second... > > --On Wednesday, September 26, 2018 15:29 +0200 Henrik Levkowetz > <henrik@xxxxxxxxxxxxx> wrote: > >> Hi Riccardo, >> >> On 2018-09-26 14:11, Riccardo Bernardini wrote: >>> I, too, received this e-mail, but on my work account >>> (bernardini@xxxxxxxx or riccardo.bernardini@xxxxxxxx). I >>> followed the link, but it says that my e-mail is not >>> known.... Funny. >> >> In your case, things are a bit more complex. The datatracker >> knows of your email <riccardo.bernardini@xxxxxxxx>, but you >> don't have a login. This means that the information in your >> account is derived from submitted drafts and other IETF work. > > I got a large number of messages, some addressed to addresses > that probably appear in RFCs but that I have not actively used > in a decade or two. My plan had been to respond only to the one > associated with the address I now use in the tracker and just > let the automated processes clear the others as offered/ > threatened. > > Is that plausible, or do those old addresses have some other > value to the IETF? In particular, if someone is maintaining a > database that links old addresses to current (or at least newer) > addresses, it would be a pity to have that database damaged by > this cleanup. IANAL, much less a GDPR specialist, but I have > trouble believing that such a database could compromise personal > privacy if (i) the addresses were already published somewhere, > such as in RFCs, (ii) no information other than the address > mappings was present, and ideally (iii) the database could be > queried only "forward" (i.e., "what is the current address > associated with the old address xxx@yyy ?") and not downloaded > so that "what are all the other addresses belonging to whomever > is now using xxx@yyy ? is hard or impossible to ask. > > I also can't give permission for inclusion in an address mapping > database because there are addresses for me in the database for > which I can no longer receive mail (and hence might have missed > even more announcement messages), much less create an account > and log in. You only need to do one login, and check one personal information page; that page will list all the email addresses associated with you and your drafts. You will be able to mark any of them which are not in active use as not active. Giving consent to storing your information will leave all records intact, but email addresses which are not marked active will not be used to try to contact you, but only for internal linkage to document author records and similar. I hope that answers your question? Best regards, Henrik
Attachment:
signature.asc
Description: OpenPGP digital signature