ietf
[Top] [All Lists]

Re: author's address (was: Re: Fwd: [OPS-DIR] OPS-DIR Reviewofdraft-yevstifeyev-tn3270-uri-12)

2011-01-21 11:45:02
Greetings,

Sorry I'm late to the discussion, but I wanted to point out our actual policy 
regarding the Author's Address:

From "RFC Document Style" (http://www.rfc-editor.org/rfc-style-guide/rfc-style)
4.9.  "Author's Address" Section

   This required section gives contact information for the author(s)
   listed in the first-page header, and perhaps those listed in a
   Contributors section.

   Contact information must include at least one, and ideally would
   include all, of a postal address, a telephone number and/or FAX
   number, and a long-lived email address.  The purpose of this section
   is to (1) unambiguously define author/contributor identity (e.g., the
   John Smith who works for FooBar Systems) and to (2) provide contact
   information for future readers who have questions or comments.  Note
   that some professional societies offer long-lived email addresses for
   their members.

Typically, we'll request an email address (at minimum) because we (RFC 
Production Center) need to be able to contact the authors via email and get 
author approval for the document.  
Please let me know if you have any questions or if this causes any concern.

Thanks!
Sandy (for the RFC Production Center)


On Jan 14, 2011, at 7:06 AM, Marshall Eubanks wrote:


On Jan 14, 2011, at 7:45 AM, Phillip Hallam-Baker wrote:

I believe that my personal security trumps any and all considerations that 
might be raised here.

I do not give my home address out and do not intend to change. If the RFC 
editor were to insist that the fields are filled they are going to get a 
fake address.



They should not insist on anything of the sort. 

Corporate addresses are even less useful. Very few people in the IETF have 
the same employer for more than five years. And even those who have the same 
employer are unlikely to have the same office building very long.


On Fri, Jan 14, 2011 at 4:11 AM, t.petch <daedulus(_at_)btconnect(_dot_)com> 
wrote:
----- Original Message -----
From: "Doug Ewell" <doug(_at_)ewellic(_dot_)org>
To: "The IETF" <ietf(_at_)ietf(_dot_)org>
Sent: Friday, January 14, 2011 6:56 AM
Subject: Re: author's address (was: Re: Fwd: [OPS-DIR] OPS-DIR
Reviewofdraft-yevstifeyev-tn3270-uri-12)


Peter Saint-Andre wrote:

For what it's worth, Section 10 of the informational RFC 2223
("Instructions to RFC Authors") states:

Each RFC must have at the very end a section giving the author's
address, including the name and postal address, the telephone number,
(optional: a FAX number) and the Internet email address.

The Internet is not the type of chummy small-town environment where we
can trust just anybody with our home address and phone number, or our
bank account and credit card numbers, and where we can leave our front
doors unlocked at night.

As Joel pointed out, the Last Call issue is the contact details for change
control
in the registration of a widely used URI with IANA, details which consist
solely of a gmail address.  Is that enough to grant change control of this
URI (in which a number of people from a number of organisations have
expressed an ongoing interest)?


What, exactly, is the issue here ? How IANA authenticates someone with change 
control over some resource ?
That, clearly, is a lot bigger than just this RFC. I would assume (and feel 
sure) that IANA is not just blindly going by
email address, but by their judgement. I am also not sure what having an 
address will do to help with this. I doubt IANA
will be sending inspectors to people's houses asking to see ID.

If there seems to be of particular risk of such attacks for this URI, I would 
suggest adding 
text in the security section (or the IANA considerations).

If impersonation attacks seem like a real threat in general, then someone who 
feels that way 
should write a draft specifying how IANA should authenticate people.

Regards
Marshall

RFC4395 appears to be silent.

Tom Petch

I worked on two I-Ds in a WG where participant A once responded to
participant B's support of an RFC 3683 P-R action against A by
contacting B's employer, gleaned from his e-mail address, demanding that
the employer take professional action against B.  In this type of
hostile environment, I declined to state my employer's name or post to
the WG list from my work address, much less divulge other personal
information, and edited both RFC 4645 and 5646 as "Consultant."

The argument that personal information is necessary to distinguish the
author from other people with the same name probably carries some weight
for authors named "John Smith" or "Bob Miller."  There are few enough
people named "Doug Ewell" in the world that the risk of ambiguity of
authorship seems much more remote than the risk to personal security if
too much personal information is provided.  I suspect the same is true
for people named "Mykyta Yevstifeyev."

Having said that, I don't think there is any precedent for I-D authors
or editors to claim their document was written by "IETF" or "IESG," and
I doubt this will be permitted.

--
Doug Ewell | Thornton, Colorado, USA | http://www.ewellic.org
RFC 5645, 4645, UTN #14 | ietf-languages @ is dot gd slash 2kf0s 

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf



-- 
Website: http://hallambaker.com/

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf