[rfc-i] Pre-IETF RFCs to Historic (not really proposing)
dhc at dcrocker.net
Tue Sep 20 08:46:43 PDT 2011
On 9/18/2011 4:09 PM, Joe Touch wrote:
> 1) a spammer now knows the future email address of all RFC authors without
> doing the work of scraping the RFC text
Similar to the way spammers can 'know' addresses by using IETF mailing lists.
In other words, you have indeed probably identified an attack vector that is
However both history and current realities make it not a significant issue. As
I've noted, an equivalent attack vector has not been explored (much) in the past
few decades. In terms of current realities, as John Levine notes, this kind of
attack simply isn't in the style or scale of real-world spammers.
> The IETF configures email lists to "hide" email addresses in ways that a
> scrape could get (touch at isi.edu, vs. touch at isi.edu). If that's valuable to
> subscribers, as is hiding the full list of subscribers, then clearly not
> making these aliases available is in the same spirit.
It isn't valuable to subscribers. The hiding mechanism is not effective.
>> Whether you can foil that process depends upon the operational policies of
>> the updating organization. In the case of the IETF and/or RFC-Editor, it
>> seems more than a little likely that they would be responsive to an
>> individual's desire. As of now, I believe they are not doing updating
>> automatically (whatever that means) nor has the basis for updating been
>> discussed in the proposal for a role address.
> That was what was proposed, and that's the part I am concerned about.
Rather than such a vigorous attack on this entire idea, it would be more helpful
to contribute to the functional spec for the updating process, to ensure
adequate convenience and 'protection'.
More information about the rfc-interest