[prev in list] [next in list] [prev in thread] [next in thread]
List: ietf
Subject: Re: author's address (was: Re: Fwd: [OPS-DIR] OPS-DIR
From: Sandy Ginoza <sginoza () amsl ! com>
Date: 2011-01-21 17:16:40
Message-ID: 4F303B60-55D6-4680-B25A-4A6616D79B37 () amsl ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Greetings,
Sorry I'm late to the discussion, but I wanted to point out our actual policy \
regarding the Author's Address:
From "RFC Document Style" (http://www.rfc-editor.org/rfc-style-guide/rfc-style)
4.9. "Author's Address" Section
This required section gives contact information for the author(s)
listed in the first-page header, and perhaps those listed in a
Contributors section.
Contact information must include at least one, and ideally would
include all, of a postal address, a telephone number and/or FAX
number, and a long-lived email address. The purpose of this section
is to (1) unambiguously define author/contributor identity (e.g., the
John Smith who works for FooBar Systems) and to (2) provide contact
information for future readers who have questions or comments. Note
that some professional societies offer long-lived email addresses for
their members.
Typically, we'll request an email address (at minimum) because we (RFC Production \
Center) need to be able to contact the authors via email and get author approval for \
the document. Please let me know if you have any questions or if this causes any \
concern.
Thanks!
Sandy (for the RFC Production Center)
On Jan 14, 2011, at 7:06 AM, Marshall Eubanks wrote:
>
> On Jan 14, 2011, at 7:45 AM, Phillip Hallam-Baker wrote:
>
> > I believe that my personal security trumps any and all considerations that might \
> > be raised here.
> > I do not give my home address out and do not intend to change. If the RFC editor \
> > were to insist that the fields are filled they are going to get a fake address.
> >
>
> They should not insist on anything of the sort.
>
> > Corporate addresses are even less useful. Very few people in the IETF have the \
> > same employer for more than five years. And even those who have the same employer \
> > are unlikely to have the same office building very long.
> >
> > On Fri, Jan 14, 2011 at 4:11 AM, t.petch <daedulus@btconnect.com> wrote:
> > ----- Original Message -----
> > From: "Doug Ewell" <doug@ewellic.org>
> > To: "The IETF" <ietf@ietf.org>
> > Sent: Friday, January 14, 2011 6:56 AM
> > Subject: Re: author's address (was: Re: Fwd: [OPS-DIR] OPS-DIR
> > Reviewofdraft-yevstifeyev-tn3270-uri-12)
> >
> >
> > > Peter Saint-Andre wrote:
> > >
> > > > For what it's worth, Section 10 of the informational RFC 2223
> > > > ("Instructions to RFC Authors") states:
> > > >
> > > > Each RFC must have at the very end a section giving the author's
> > > > address, including the name and postal address, the telephone number,
> > > > (optional: a FAX number) and the Internet email address.
> > >
> > > The Internet is not the type of chummy small-town environment where we
> > > can trust just anybody with our home address and phone number, or our
> > > bank account and credit card numbers, and where we can leave our front
> > > doors unlocked at night.
> >
> > As Joel pointed out, the Last Call issue is the contact details for change
> > control
> > in the registration of a widely used URI with IANA, details which consist
> > solely of a gmail address. Is that enough to grant change control of this
> > URI (in which a number of people from a number of organisations have
> > expressed an ongoing interest)?
> >
>
> What, exactly, is the issue here ? How IANA authenticates someone with change \
> control over some resource ? That, clearly, is a lot bigger than just this RFC. I \
> would assume (and feel sure) that IANA is not just blindly going by email address, \
> but by their judgement. I am also not sure what having an address will do to help \
> with this. I doubt IANA will be sending inspectors to people's houses asking to see \
> ID.
> If there seems to be of particular risk of such attacks for this URI, I would \
> suggest adding text in the security section (or the IANA considerations).
>
> If impersonation attacks seem like a real threat in general, then someone who feels \
> that way should write a draft specifying how IANA should authenticate people.
>
> Regards
> Marshall
>
> > RFC4395 appears to be silent.
> >
> > Tom Petch
> >
> > > I worked on two I-Ds in a WG where participant A once responded to
> > > participant B's support of an RFC 3683 P-R action against A by
> > > contacting B's employer, gleaned from his e-mail address, demanding that
> > > the employer take professional action against B. In this type of
> > > hostile environment, I declined to state my employer's name or post to
> > > the WG list from my work address, much less divulge other personal
> > > information, and edited both RFC 4645 and 5646 as "Consultant."
> > >
> > > The argument that personal information is necessary to distinguish the
> > > author from other people with the same name probably carries some weight
> > > for authors named "John Smith" or "Bob Miller." There are few enough
> > > people named "Doug Ewell" in the world that the risk of ambiguity of
> > > authorship seems much more remote than the risk to personal security if
> > > too much personal information is provided. I suspect the same is true
> > > for people named "Mykyta Yevstifeyev."
> > >
> > > Having said that, I don't think there is any precedent for I-D authors
> > > or editors to claim their document was written by "IETF" or "IESG," and
> > > I doubt this will be permitted.
> > >
> > > --
> > > Doug Ewell | Thornton, Colorado, USA | http://www.ewellic.org
> > > RFC 5645, 4645, UTN #14 | ietf-languages @ is dot gd slash 2kf0s
> > >
> > > _______________________________________________
> > > Ietf mailing list
> > > Ietf@ietf.org
> > > https://www.ietf.org/mailman/listinfo/ietf
> > >
> >
> > _______________________________________________
> > Ietf mailing list
> > Ietf@ietf.org
> > https://www.ietf.org/mailman/listinfo/ietf
> >
> >
> >
> > --
> > Website: http://hallambaker.com/
> >
> > _______________________________________________
> > Ietf mailing list
> > Ietf@ietf.org
> > https://www.ietf.org/mailman/listinfo/ietf
>
[Attachment #5 (unknown)]
<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; \
-webkit-line-break: after-white-space; \
"><div>Greetings,</div><div><br></div><div>Sorry I'm late to the discussion, but I \
wanted to point out our actual policy regarding the Author's \
Address:</div><div><br></div><div>From "<span class="Apple-style-span" \
style="white-space: pre; ">RFC Document Style" (</span><a \
href="http://www.rfc-editor.org/rfc-style-guide/rfc-style">http://www.rfc-editor.org/rfc-style-guide/rfc-style</a>)</div><div><pre><font \
class="Apple-style-span" face="Courier" size="3"><span class="Apple-style-span" \
style="font-size: 12px;">4.9. "Author's Address" Section
This required section gives contact information for the author(s)
listed in the first-page header, and perhaps those listed in a
Contributors section.
Contact information must include at least one, and ideally would
include all, of a postal address, a telephone number and/or FAX
number, and a long-lived email address. The purpose of this section
is to (1) unambiguously define author/contributor identity (e.g., the
John Smith who works for FooBar Systems) and to (2) provide contact
information for future readers who have questions or comments. Note
that some professional societies offer long-lived email addresses for
their members.</span></font></pre><pre><font class="Apple-style-span" \
face="Courier" size="3"><span class="Apple-style-span" style="font-size: \
12px;"><br></span></font></pre><pre><font class="Apple-style-span" face="Courier" \
size="3"><span class="Apple-style-span" style="font-size: 12px;">Typically, we'll \
request an email address (at minimum) because we (RFC Production Center) need to be \
able to contact the authors via email and get author approval for the document. \
</span></font></pre><pre><font class="Apple-style-span" face="Courier" size="3"><span \
class="Apple-style-span" style="font-size: 12px;">Please let me know if you have any \
questions or if this causes any concern.</span></font></pre><pre><font \
class="Apple-style-span" face="Courier" size="3"><span class="Apple-style-span" \
style="font-size: 12px;"><br></span></font></pre><pre><font class="Apple-style-span" \
face="Courier" size="3"><span class="Apple-style-span" style="font-size: \
12px;">Thanks!</span></font></pre><pre><font class="Apple-style-span" face="Courier" \
size="3"><span class="Apple-style-span" style="font-size: 12px;">Sandy (for the RFC \
Production Center)</span></font></pre></div><div><br></div><br><div><div>On Jan 14, \
2011, at 7:06 AM, Marshall Eubanks wrote:</div><br \
class="Apple-interchange-newline"><blockquote type="cite"><div><br>On Jan 14, 2011, \
at 7:45 AM, Phillip Hallam-Baker wrote:<br><br><blockquote type="cite">I believe that \
my personal security trumps any and all considerations that might be raised \
here.<br></blockquote><blockquote type="cite"><br></blockquote><blockquote \
type="cite">I do not give my home address out and do not intend to change. If the RFC \
editor were to insist that the fields are filled they are going to get a fake \
address.<br></blockquote><blockquote type="cite"><br></blockquote><blockquote \
type="cite"><br></blockquote><br>They should not insist on anything of the sort. \
<br><br><blockquote type="cite">Corporate addresses are even less useful. Very few \
people in the IETF have the same employer for more than five years. And even those \
who have the same employer are unlikely to have the same office building very \
long.<br></blockquote><blockquote type="cite"><br></blockquote><blockquote \
type="cite"><br></blockquote><blockquote type="cite">On Fri, Jan 14, 2011 at 4:11 AM, \
t.petch <<a href="mailto:daedulus@btconnect.com">daedulus@btconnect.com</a>> \
wrote:<br></blockquote><blockquote type="cite">----- Original Message \
-----<br></blockquote><blockquote type="cite">From: "Doug Ewell" <<a \
href="mailto:doug@ewellic.org">doug@ewellic.org</a>><br></blockquote><blockquote \
type="cite">To: "The IETF" <<a \
href="mailto:ietf@ietf.org">ietf@ietf.org</a>><br></blockquote><blockquote \
type="cite">Sent: Friday, January 14, 2011 6:56 AM<br></blockquote><blockquote \
type="cite">Subject: Re: author's address (was: Re: Fwd: [OPS-DIR] \
OPS-DIR<br></blockquote><blockquote \
type="cite">Reviewofdraft-yevstifeyev-tn3270-uri-12)<br></blockquote><blockquote \
type="cite"><br></blockquote><blockquote type="cite"><br></blockquote><blockquote \
type="cite"><blockquote type="cite">Peter Saint-Andre \
wrote:<br></blockquote></blockquote><blockquote type="cite"><blockquote \
type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote \
type="cite"><blockquote type="cite">For what it's worth, Section 10 of the \
informational RFC 2223<br></blockquote></blockquote></blockquote><blockquote \
type="cite"><blockquote type="cite"><blockquote type="cite">("Instructions to RFC \
Authors") states:<br></blockquote></blockquote></blockquote><blockquote \
type="cite"><blockquote type="cite"><blockquote \
type="cite"><br></blockquote></blockquote></blockquote><blockquote \
type="cite"><blockquote type="cite"><blockquote type="cite">Each RFC must have at the \
very end a section giving the \
author's<br></blockquote></blockquote></blockquote><blockquote \
type="cite"><blockquote type="cite"><blockquote type="cite">address, including the \
name and postal address, the telephone \
number,<br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote \
type="cite"><blockquote type="cite">(optional: a FAX number) and the Internet email \
address.<br></blockquote></blockquote></blockquote><blockquote \
type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote \
type="cite"><blockquote type="cite">The Internet is not the type of chummy small-town \
environment where we<br></blockquote></blockquote><blockquote type="cite"><blockquote \
type="cite">can trust just anybody with our home address and phone number, or \
our<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">bank \
account and credit card numbers, and where we can leave our \
front<br></blockquote></blockquote><blockquote type="cite"><blockquote \
type="cite">doors unlocked at night.<br></blockquote></blockquote><blockquote \
type="cite"><br></blockquote><blockquote type="cite">As Joel pointed out, the Last \
Call issue is the contact details for change<br></blockquote><blockquote \
type="cite">control<br></blockquote><blockquote type="cite">in the registration of a \
widely used URI with IANA, details which consist<br></blockquote><blockquote \
type="cite">solely of a gmail address. Is that enough to grant change control \
of this<br></blockquote><blockquote type="cite">URI (in which a number of people from \
a number of organisations have<br></blockquote><blockquote type="cite">expressed an \
ongoing interest)?<br></blockquote><blockquote type="cite"><br></blockquote><br>What, \
exactly, is the issue here ? How IANA authenticates someone with change control over \
some resource ?<br>That, clearly, is a lot bigger than just this RFC. I would assume \
(and feel sure) that IANA is not just blindly going by<br>email address, but by their \
judgement. I am also not sure what having an address will do to help with this. I \
doubt IANA<br>will be sending inspectors to people's houses asking to see \
ID.<br><br>If there seems to be of particular risk of such attacks for this URI, I \
would suggest adding <br>text in the security section (or the IANA \
considerations).<br><br>If impersonation attacks seem like a real threat in general, \
then someone who feels that way <br>should write a draft specifying how IANA should \
authenticate people.<br><br>Regards<br>Marshall<br><br><blockquote \
type="cite">RFC4395 appears to be silent.<br></blockquote><blockquote \
type="cite"><br></blockquote><blockquote type="cite">Tom \
Petch<br></blockquote><blockquote type="cite"><br></blockquote><blockquote \
type="cite"><blockquote type="cite">I worked on two I-Ds in a WG where participant A \
once responded to<br></blockquote></blockquote><blockquote type="cite"><blockquote \
type="cite">participant B's support of an RFC 3683 P-R action against A \
by<br></blockquote></blockquote><blockquote type="cite"><blockquote \
type="cite">contacting B's employer, gleaned from his e-mail address, demanding \
that<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">the \
employer take professional action against B. In this type \
of<br></blockquote></blockquote><blockquote type="cite"><blockquote \
type="cite">hostile environment, I declined to state my employer's name or post \
to<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">the \
WG list from my work address, much less divulge other \
personal<br></blockquote></blockquote><blockquote type="cite"><blockquote \
type="cite">information, and edited both RFC 4645 and 5646 as \
"Consultant."<br></blockquote></blockquote><blockquote type="cite"><blockquote \
type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote \
type="cite">The argument that personal information is necessary to distinguish \
the<br></blockquote></blockquote><blockquote type="cite"><blockquote \
type="cite">author from other people with the same name probably carries some \
weight<br></blockquote></blockquote><blockquote type="cite"><blockquote \
type="cite">for authors named "John Smith" or "Bob Miller." There are few \
enough<br></blockquote></blockquote><blockquote type="cite"><blockquote \
type="cite">people named "Doug Ewell" in the world that the risk of ambiguity \
of<br></blockquote></blockquote><blockquote type="cite"><blockquote \
type="cite">authorship seems much more remote than the risk to personal security \
if<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">too \
much personal information is provided. I suspect the same is \
true<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">for \
people named "Mykyta Yevstifeyev."<br></blockquote></blockquote><blockquote \
type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote \
type="cite"><blockquote type="cite">Having said that, I don't think there is any \
precedent for I-D authors<br></blockquote></blockquote><blockquote \
type="cite"><blockquote type="cite">or editors to claim their document was written by \
"IETF" or "IESG," and<br></blockquote></blockquote><blockquote \
type="cite"><blockquote type="cite">I doubt this will be \
permitted.<br></blockquote></blockquote><blockquote type="cite"><blockquote \
type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote \
type="cite">--<br></blockquote></blockquote><blockquote type="cite"><blockquote \
type="cite">Doug Ewell | Thornton, Colorado, USA | <a \
href="http://www.ewellic.org">http://www.ewellic.org</a><br></blockquote></blockquote><blockquote \
type="cite"><blockquote type="cite">RFC 5645, 4645, UTN #14 | ietf-languages @ is dot \
gd slash 2kf0s <br></blockquote></blockquote><blockquote type="cite"><blockquote \
type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote \
type="cite">_______________________________________________<br></blockquote></blockquote><blockquote \
type="cite"><blockquote type="cite">Ietf mailing \
list<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><a \
href="mailto:Ietf@ietf.org">Ietf@ietf.org</a><br></blockquote></blockquote><blockquote \
type="cite"><blockquote type="cite"><a \
href="https://www.ietf.org/mailman/listinfo/ietf">https://www.ietf.org/mailman/listinfo/ietf</a><br></blockquote></blockquote><blockquote \
type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote \
type="cite"><br></blockquote><blockquote \
type="cite">_______________________________________________<br></blockquote><blockquote \
type="cite">Ietf mailing list<br></blockquote><blockquote type="cite"><a \
href="mailto:Ietf@ietf.org">Ietf@ietf.org</a><br></blockquote><blockquote \
type="cite"><a href="https://www.ietf.org/mailman/listinfo/ietf">https://www.ietf.org/mailman/listinfo/ietf</a><br></blockquote><blockquote \
type="cite"><br></blockquote><blockquote type="cite"><br></blockquote><blockquote \
type="cite"><br></blockquote><blockquote type="cite">-- <br></blockquote><blockquote \
type="cite">Website: <a \
href="http://hallambaker.com/">http://hallambaker.com/</a><br></blockquote><blockquote \
type="cite"><br></blockquote><blockquote \
type="cite">_______________________________________________<br></blockquote><blockquote \
type="cite">Ietf mailing list<br></blockquote><blockquote type="cite"><a \
href="mailto:Ietf@ietf.org">Ietf@ietf.org</a><br></blockquote><blockquote \
type="cite"><a href="https://www.ietf.org/mailman/listinfo/ietf">https://www.ietf.org/ \
mailman/listinfo/ietf</a><br></blockquote><br></div></blockquote></div><br></body></html>
_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic