From: Tim Salo <salo(_at_)networkcs(_dot_)com>
To: ietf(_at_)ietf(_dot_)org
I recently noticed that ftp.ietf.org requires the use of an e-mail
address (well, ok, something that looks like an e-mail address) as
a password for anonymous login. ...
I obviously wasn't particularly clear about my concerns in my original note.
I'm concerned that by asking for an e-mail address prior to permitting
access to documents, the IETF may be projecting a poor public image of the
organization and its its efforts to assure online privacy.
[...]
No, I don't think this is a big privacy breach. Rather, it is a matter
of projecting an appearance that the IETF takes network privacy seriously.
I am pragmatic. If the current string
331 Guest login ok, send your complete e-mail address as password.
is replaced with
331 Guest login ok, send your complete e-mail address or "anon(_at_)invalid" as
password.
and
530-You must supply a valid email address as your password.
530-For example, "mike(_at_)nirvana(_dot_)ncemrsoft(_dot_)com" is okay.
with
530-You should supply a valid email address as your password.
530-For example, "mike(_at_)nirvana(_dot_)ncemrsoft(_dot_)com" is okay,
530-but "anon(_at_)invalid" is accepted too.
I think that privacy concerns would be correctly addressed.
ciao, .mau.