Re: [111attendees] Why do we allow people to edit CodiMD meeting notes who are not logged in?

Carsten Bormann <cabo@tzi.org> Fri, 30 July 2021 23:16 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/111attendees/R4wNx1tY7lTzYfz_DbrxrYTBqro>

On 30. Jul 2021, at 23:49, Matthew Finkel <sysrqb@torproject.org> wrote:
> 
> I'm still new around here, so please excuse my ignorance. Are you
> concerned about malicious edits? Have you seen abuse? Is there an
> inherent need for edit attribution?

Much less nefarious — I was taking notes with two other people, and I couldn’t see who they were — a little nudge to authenticate in the browser that you use for note-taking would take this uncertainty away.

(Why is that important?  If you do shared note taking, you want to know who is distracted, who knows about a particular subject so you can let them write that up, etc.  It’s just harder to fly blind.)

The possibility of malicious edits hasn’t hit us yet, and it might, so that may be another reason to go for “logged in” authorization.
But those really determined to grief would find a way anyway...

Grüße, Carsten