Re: [apps-discuss] Last Call: <draft-ietf-appsawg-webfinger-10.txt> (WebFinger) to Proposed Standard
"Paul E. Jones" <paulej@packetizer.com> Fri, 22 March 2013 02:08 UTC
Return-Path: <paulej@packetizer.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7EBE421F86F0; Thu, 21 Mar 2013 19:08:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.574
X-Spam-Level:
X-Spam-Status: No, score=-2.574 tagged_above=-999 required=5 tests=[AWL=0.025, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WGTrfYS6wHHz; Thu, 21 Mar 2013 19:08:31 -0700 (PDT)
Received: from dublin.packetizer.com (dublin.packetizer.com [75.101.130.125]) by ietfa.amsl.com (Postfix) with ESMTP id 2D19C21F86E6; Thu, 21 Mar 2013 19:08:31 -0700 (PDT)
Received: from sydney (rrcs-98-101-148-48.midsouth.biz.rr.com [98.101.148.48]) (authenticated bits=0) by dublin.packetizer.com (8.14.5/8.14.5) with ESMTP id r2M28CVH005306 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Thu, 21 Mar 2013 22:08:14 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=packetizer.com; s=dublin; t=1363918094; bh=bc15GVl2xaDMJW/1FawH8hpFk6YTLJ0bIZ4Il1mluAw=; h=From:To:Cc:References:In-Reply-To:Subject:Date:Message-ID: MIME-Version:Content-Type:Content-Transfer-Encoding; b=OuwrAyv1pVFP3rfmOFuvqg4kJI7YAwFWz99H4Fh45xxHS0pQ92vueqGm+v6EqLk9t Ae5yyApRyx0baosXXeTmcbvEhG3wXhEJ+VSsvsj/bvtk4or4l8WOcMw1ZFnovPKfGb M4boRJB4lAPMwLUAFvQ2IMzUQkUV082iET/RxdLE=
From: "Paul E. Jones" <paulej@packetizer.com>
To: 'Alissa Cooper' <acooper@cdt.org>
References: <20130304202424.31062.61240.idtracker@ietfa.amsl.com> <A437CC8E-63D9-41C2-A22B-1B379270CE2A@cdt.org> <055401ce25d3$5566f120$0034d360$@packetizer.com> <8E7B73F6-808B-4D8B-BE42-73A56C475C06@cdt.org>
In-Reply-To: <8E7B73F6-808B-4D8B-BE42-73A56C475C06@cdt.org>
Date: Thu, 21 Mar 2013 22:08:31 -0400
Message-ID: <010f01ce26a2$2804e550$780eaff0$@packetizer.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQKDaKO5ldokcAP290Gb0nohuKjS1AOIlQ8RAuxRp2gCurAmypb89gJw
Content-Language: en-us
Cc: webfinger@ietf.org, ietf@ietf.org, apps-discuss@ietf.org
Subject: Re: [apps-discuss] Last Call: <draft-ietf-appsawg-webfinger-10.txt> (WebFinger) to Proposed Standard
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Mar 2013 02:08:32 -0000
Got it. Thanks! I'll make that change. Paul > -----Original Message----- > From: Alissa Cooper [mailto:acooper@cdt.org] > Sent: Thursday, March 21, 2013 9:45 AM > To: Paul E. Jones > Cc: ietf@ietf.org; apps-discuss@ietf.org; webfinger@ietf.org > Subject: Re: [apps-discuss] Last Call: <draft-ietf-appsawg-webfinger- > 10.txt> (WebFinger) to Proposed Standard > > I suggest adding the sentence without the word "implicitly." The result > would be: > > "Further, WebFinger MUST NOT be used to provide any personal information > to any party unless explicitly authorized by the person whose > information is being shared. Publishing one's personal data within an > access-controlled or otherwise limited environment on the Internet does > not equate to providing authorization of further publication of that > data via WebFinger." > > Thanks, > Alissa > > On Mar 20, 2013, at 9:28 PM, Paul E. Jones <paulej@packetizer.com> wrote: > > > Alissa, > > > > It was suggested that we remove the word "implicit". I'm OK with > > removing it. If we did that, would you want to add this new sentence > > or a modified version of it? > > > > Paul > > > >> -----Original Message----- > >> From: apps-discuss-bounces@ietf.org [mailto:apps-discuss- > >> bounces@ietf.org] On Behalf Of Alissa Cooper > >> Sent: Monday, March 18, 2013 11:31 AM > >> To: ietf@ietf.org > >> Cc: apps-discuss@ietf.org > >> Subject: Re: [apps-discuss] Last Call: <draft-ietf-appsawg-webfinger- > >> 10.txt> (WebFinger) to Proposed Standard > >> > >> Given how little control Internet users already have over which > >> information about them appears in which context, I do not have a lot > >> of confidence that the claimed discoverability benefits of WebFinger > >> outweigh its potential to further degrade users' ability to keep > >> particular information about themselves within specific silos. > >> However, I'm coming quite late to this document, so perhaps that > >> balancing has already been discussed, and it strikes me as > >> unreasonable to try to stand in the way of publication at this point. > >> > >> Two suggestions in section 8: > >> > >> s/personal information/personal data/ (see > >> http://tools.ietf.org/html/draft-iab-privacy-considerations- > >> 06#section-2.2 -- personal data is a more widely accepted term and > >> covers a larger range of information about people) > >> > >> The normative prohibition against using WebFinger to publish personal > >> data without authorization is good, but the notion of implicit > >> authorization leaves much uncertainty about what I imagine will be a > >> use case of interest: taking information out of a controlled context > >> and making it more widely available. To make it obvious that this has > >> been considered, I would suggest adding one more sentence to the end > >> of the fourth paragraph: > >> > >> "Publishing one's personal data within an access-controlled or > >> otherwise limited environment on the Internet does not equate to > >> providing implicit authorization of further publication of that data > >> via WebFinger." > >> > >> Alissa > >> > >> On Mar 4, 2013, at 3:24 PM, The IESG <iesg-secretary@ietf.org> wrote: > >> > >>> > >>> The IESG has received a request from the Applications Area Working > >>> Group WG (appsawg) to consider the following document: > >>> - 'WebFinger' > >>> <draft-ietf-appsawg-webfinger-10.txt> as Proposed Standard > >>> > >>> The IESG plans to make a decision in the next few weeks, and > >>> solicits final comments on this action. Please send substantive > >>> comments to the ietf@ietf.org mailing lists by 2013-03-18. > >>> Exceptionally, comments may be sent to iesg@ietf.org instead. In > >>> either case, please retain the beginning of the Subject line to > allow automated sorting. > >>> > >>> Abstract > >>> > >>> > >>> This specification defines the WebFinger protocol, which can be > >>> used to discover information about people or other entities on the > >>> Internet using standard HTTP methods. WebFinger discovers > >>> information for a URI that might not be usable as a locator > >>> otherwise, such as account or email URIs. > >>> > >>> > >>> > >>> > >>> The file can be obtained via > >>> http://datatracker.ietf.org/doc/draft-ietf-appsawg-webfinger/ > >>> > >>> IESG discussion can be tracked via > >>> http://datatracker.ietf.org/doc/draft-ietf-appsawg-webfinger/ballot/ > >>> > >>> > >>> No IPR declarations have been submitted directly on this I-D. > >>> > >>> > >>> _______________________________________________ > >>> apps-discuss mailing list > >>> apps-discuss@ietf.org > >>> https://www.ietf.org/mailman/listinfo/apps-discuss > >>> > >> > >> > >> _______________________________________________ > >> apps-discuss mailing list > >> apps-discuss@ietf.org > >> https://www.ietf.org/mailman/listinfo/apps-discuss > > > > >
- [apps-discuss] Last Call: <draft-ietf-appsawg-web… The IESG
- [apps-discuss] Last Call: <draft-ietf-appsawg-web… The IESG
- Re: [apps-discuss] Last Call: <draft-ietf-appsawg… Alissa Cooper
- Re: [apps-discuss] Last Call: <draft-ietf-appsawg… Hannes Tschofenig
- [apps-discuss] R: Last Call: <draft-ietf-appsawg-… Goix Laurent Walter
- Re: [apps-discuss] Last Call: <draft-ietf-appsawg… Paul E. Jones
- Re: [apps-discuss] Last Call: <draft-ietf-appsawg… Paul E. Jones
- Re: [apps-discuss] Last Call: <draft-ietf-appsawg… Alissa Cooper
- Re: [apps-discuss] Last Call: <draft-ietf-appsawg… Paul E. Jones