Re: Personal Information in the IETF Datatracker

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




--On Wednesday, September 26, 2018 17:00 +0200 Henrik Levkowetz
<henrik@xxxxxxxxxxxxx> wrote:

> Hi John,
> 
> On 2018-09-26 16:35, John C Klensin wrote:
>> Henrik,
>> 
>> Two observations, the first in the "in case we ever need to do
>> something like this again" category.   
>> 
>> First, I'm glad it is possible to do this by logging into
>> one's account.  Giving phishing concerns, it would be good to
>> include an explicit instruction in the note that, as an
>> alternative to clicking links in an email message, one can do
>> that.   Perhaps not a big deal and almost certainly not worth
>> going back and trying to re-doing things at this point, but
>> worth keeping in mind as good practice.
> 
> Good point.  We'll be repeating the consent request to people
> who have not given it before the deadline; in order to do
> better next time I've added this at the end of the email
> template:
> 
>    In case you prefer to not follow any email links, due to
> phishing    considerations, please just go to the datatracker
> and use the menu    entries to log in or check the help pages
> The links above are provided    for your convenience, but it
> works just as well to go the datracker    manually and do
> what's needed.
> 
> (Thoughts on the wording are welcome.)

I think that is excellent.  Three small editorial suggestions:

(i) drop "any" from "any email links".  It isn't the point.

(ii) add "with any of your identities" to "to log in".

(iii) Do you want to point people to help pages or more directly
to their profiles?

By the way, while I think the IETF should be setting an
extra-good example, the fact that the links in the message are
pointing to datatracker.ietf.org and not, e.g., to
www.random-site.example does provide moderately good assurance
that nothing evil is going on... to the point that this is a bit
of a tempest in a teapot.  So, while I think the above is a good
idea, I also think that strong criticisms for you for not
including it would be a bit out of line.

>...
>> I got a large number of messages, some addressed to addresses
>> that probably appear in RFCs but that I have not actively used
>> in a decade or two.  My plan had been to respond only to the
>> one associated with the address I now use in the tracker and
>> just let the automated processes clear the others as offered/
>> threatened.
>...

> You only need to do one login, and check one personal
> information page; that page will list all the email addresses
> associated with you and your drafts.  You will be able to mark
> any of them which are not in active use as not active.  Giving
> consent to storing your information will leave all records
> intact, but email addresses which are not marked active will
> not be used to try to contact you, but only for internal
> linkage to document author records and similar.
> 
> I hope that answers your question?

Together with Robert's response, it does.

FYI, I was interested in another case, which is that the RFC
Editor database contains an (entirely appropriate warning) about
old addresses not working (that warning might be in the
datatracker too.. don't remember).  If someone is trying to
contact, e.g., a document author, knowing the mapping from older
to a current/primary addresses would be a significant benefit,
at least if the information is sufficiently controlled.  But
that is really a different problem for a different day.

best regards,
   john




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux