Re: [111attendees] Why do we allow people to edit CodiMD meeting notes who are not logged in?

"Salz, Rich" <rsalz@akamai.com> Sun, 01 August 2021 14:50 UTC

Return-Path: <rsalz@akamai.com>
X-Original-To: 111attendees@ietfa.amsl.com
Delivered-To: 111attendees@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 121483A3F3E for <111attendees@ietfa.amsl.com>; Sun, 1 Aug 2021 07:50:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.249
X-Spam-Level:
X-Spam-Status: No, score=-3.249 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.452, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iIZD5V8akCDx for <111attendees@ietfa.amsl.com>; Sun, 1 Aug 2021 07:50:51 -0700 (PDT)
Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [IPv6:2620:100:9005:57f::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B25DD3A3F41 for <111attendees@ietf.org>; Sun, 1 Aug 2021 07:50:50 -0700 (PDT)
Received: from pps.filterd (m0050096.ppops.net [127.0.0.1]) by m0050096.ppops.net-00190b01. (8.16.0.43/8.16.0.43) with SMTP id 171EnnOm006899; Sun, 1 Aug 2021 15:50:48 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=jan2016.eng; bh=3plj9O4HnaETk6e71kQu24fie6SDcbt6qLAAoaoeNkU=; b=CPL3rwh8fm5rwsISO9qO3fUzSpaoe0EF3ZzM7crwIJHkDs267VlgsnVs5tz/H3DBeQsa TtnMCsSjQYss9n2tm+sh5HAHHYitmSDspYWWG6ahGs45bO4sSLZ3CfiHLiRz4welScH1 kx4/UwwovazKMfKee6qMRnrgmC8QnFA6cb03D/VE5WT/scdVlVz/VRG42bDlyEoiGKZm MJweMrzL9hxQCgWW2+xB//JRDNic9VCiFcy0mtztMo4pCiifkZTQ8+h5QKSI19MxuvVX Fr/ytnIfSeN+eJude5aHTLlJy/f/hIHfZlvxWJ5ei8vYaoGHvK3GAMYjPh2hKrbs/XO0 tA==
Received: from prod-mail-ppoint7 (a72-247-45-33.deploy.static.akamaitechnologies.com [72.247.45.33] (may be forged)) by m0050096.ppops.net-00190b01. with ESMTP id 3a4xxecbsx-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 01 Aug 2021 15:50:48 +0100
Received: from pps.filterd (prod-mail-ppoint7.akamai.com [127.0.0.1]) by prod-mail-ppoint7.akamai.com (8.16.1.2/8.16.1.2) with SMTP id 171EnpTa026234; Sun, 1 Aug 2021 10:50:47 -0400
Received: from email.msg.corp.akamai.com ([172.27.165.115]) by prod-mail-ppoint7.akamai.com with ESMTP id 3a51uyper8-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Sun, 01 Aug 2021 10:50:47 -0400
Received: from USTX2EX-DAG1MB1.msg.corp.akamai.com (172.27.165.119) by ustx2ex-dag1mb3.msg.corp.akamai.com (172.27.165.121) with Microsoft SMTP Server (TLS) id 15.0.1497.23; Sun, 1 Aug 2021 09:50:46 -0500
Received: from USTX2EX-DAG1MB1.msg.corp.akamai.com ([172.27.165.119]) by ustx2ex-dag1mb1.msg.corp.akamai.com ([172.27.165.119]) with mapi id 15.00.1497.023; Sun, 1 Aug 2021 09:50:46 -0500
From: "Salz, Rich" <rsalz@akamai.com>
To: John Levine <ietf@johnlevine.com>, "111attendees@ietf.org" <111attendees@ietf.org>
CC: "jmh@joelhalpern.com" <jmh@joelhalpern.com>
Thread-Topic: [111attendees] Why do we allow people to edit CodiMD meeting notes who are not logged in?
Thread-Index: AQHXhYU2DXfZ4WM+WE6D1qot4aPtwqtcYkAAgAAYYgCAATthgIAAD+GAgAAJKoCAAP/igA==
Date: Sun, 1 Aug 2021 14:50:45 +0000
Message-ID: <7A01A718-246F-4DFD-B522-EC4D7C945199@akamai.com>
References: <8a1018d3-62da-a740-72d6-bb370af71a9e@joelhalpern.com> <20210731193455.C04E625657CF@ary.qy>
In-Reply-To: <20210731193455.C04E625657CF@ary.qy>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.51.21071101
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.27.164.43]
Content-Type: text/plain; charset="utf-8"
Content-ID: <7A3C1B3E517B954ABB83EAB4DA8D7365@akamai.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790 definitions=2021-08-01_02:2021-07-30, 2021-08-01 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 bulkscore=0 spamscore=0 mlxlogscore=656 malwarescore=0 mlxscore=0 suspectscore=0 phishscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2107140000 definitions=main-2108010109
X-Proofpoint-GUID: 0Ha4vwzXfESvb82-eejWeHlIOw0y5C__
X-Proofpoint-ORIG-GUID: 0Ha4vwzXfESvb82-eejWeHlIOw0y5C__
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790 definitions=2021-08-01_02:2021-07-30, 2021-08-01 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 phishscore=0 malwarescore=0 priorityscore=1501 impostorscore=0 bulkscore=0 suspectscore=0 mlxscore=0 adultscore=0 clxscore=1011 mlxlogscore=618 spamscore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2107140000 definitions=main-2108010109
X-Agari-Authentication-Results: mx.akamai.com; spf=${SPFResult} (sender IP is 72.247.45.33) smtp.mailfrom=rsalz@akamai.com smtp.helo=prod-mail-ppoint7
Archived-At: <https://mailarchive.ietf.org/arch/msg/111attendees/fug7g46_6DTEbGDtMuSLoNg5Wqg>
Subject: Re: [111attendees] Why do we allow people to edit CodiMD meeting notes who are not logged in?
X-BeenThere: 111attendees@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Mailing list for IETF 111 attendees <111attendees.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/111attendees>, <mailto:111attendees-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/111attendees/>
List-Post: <mailto:111attendees@ietf.org>
List-Help: <mailto:111attendees-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/111attendees>, <mailto:111attendees-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 01 Aug 2021 14:50:56 -0000

>   These are the formal minutes of our meetings.  I don't think it's unreasonable to expect that minimal
    level of accountability from the people writing them.

More than that, you do not want some random unauthenticated person changing their name to something like the volunteer minute-taker and making modifications.