John,
Some responses inline:
On 9/26/18 9:35 AM, John C Klensin wrote:
Henrik,
Two observations, the first in the "in case we ever need to do
something like this again" category.
First, I'm glad it is possible to do this by logging into one's
account. Giving phishing concerns, it would be good to include
an explicit instruction in the note that, as an alternative to
clicking links in an email message, one can do that. Perhaps
not a big deal and almost certainly not worth going back and
trying to re-doing things at this point, but worth keeping in
mind as good practice.
Second...
--On Wednesday, September 26, 2018 15:29 +0200 Henrik Levkowetz
<henrik@xxxxxxxxxxxxx> wrote:
Hi Riccardo,
On 2018-09-26 14:11, Riccardo Bernardini wrote:
I, too, received this e-mail, but on my work account
(bernardini@xxxxxxxx or riccardo.bernardini@xxxxxxxx). I
followed the link, but it says that my e-mail is not
known.... Funny.
In your case, things are a bit more complex. The datatracker
knows of your email <riccardo.bernardini@xxxxxxxx>, but you
don't have a login. This means that the information in your
account is derived from submitted drafts and other IETF work.
I got a large number of messages, some addressed to addresses
that probably appear in RFCs but that I have not actively used
in a decade or two. My plan had been to respond only to the one
associated with the address I now use in the tracker and just
let the automated processes clear the others as offered/
threatened.
That's reasonable.
Is that plausible, or do those old addresses have some other
value to the IETF?
If those old addresses came from a role you held or are one of the
authors of a draft, they have value and won't be removed.
You can help make sure they are correctly associated with your
datatracker account by looking at the list of addresses the datatracker
knows for you - they're displayed on the page you get using the "Account
Info" link in the menus. (Which, for convenience, is at this URL
<https://datatracker.ietf.org/accounts/profile/> after you log in.)
If you received mail for addresses that aren't showing on that page,
please add them there.
If you get an error while trying to do so, there's data cleanup we need
to do manually. If that occurs, please send email to Henrik and me with
the addresses it won't let you add.
In particular, if someone is maintaining a
database that links old addresses to current (or at least newer)
addresses, it would be a pity to have that database damaged by
this cleanup.
Agreed, and the datatracker _does_ map from old addresses to current
ones. (If it has no other reason to select an active address, such as
knowing a specific address to use for a role, it will use the address
marked Primary. Similarly it will use the address marked Primary in the
place of any message that would have gone to an inactive address.)
IANAL, much less a GDPR specialist, but I have
trouble believing that such a database could compromise personal
privacy if (i) the addresses were already published somewhere,
such as in RFCs, (ii) no information other than the address
mappings was present, and ideally (iii) the database could be
queried only "forward" (i.e., "what is the current address
associated with the old address xxx@yyy ?") and not downloaded
so that "what are all the other addresses belonging to whomever
is now using xxx@yyy ? is hard or impossible to ask.
I also can't give permission for inclusion in an address mapping
database because there are addresses for me in the database for
which I can no longer receive mail (and hence might have missed
even more announcement messages), much less create an account
and log in.
best,
john
