Re: [apps-discuss] Last Call: <draft-ietf-appsawg-webfinger-10.txt> (WebFinger) to Proposed Standard

"Paul E. Jones" <paulej@packetizer.com> Fri, 22 March 2013 02:08 UTC

Return-Path: <paulej@packetizer.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7EBE421F86F0; Thu, 21 Mar 2013 19:08:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.574
X-Spam-Level:
X-Spam-Status: No, score=-2.574 tagged_above=-999 required=5 tests=[AWL=0.025, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WGTrfYS6wHHz; Thu, 21 Mar 2013 19:08:31 -0700 (PDT)
Received: from dublin.packetizer.com (dublin.packetizer.com [75.101.130.125]) by ietfa.amsl.com (Postfix) with ESMTP id 2D19C21F86E6; Thu, 21 Mar 2013 19:08:31 -0700 (PDT)
Received: from sydney (rrcs-98-101-148-48.midsouth.biz.rr.com [98.101.148.48]) (authenticated bits=0) by dublin.packetizer.com (8.14.5/8.14.5) with ESMTP id r2M28CVH005306 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Thu, 21 Mar 2013 22:08:14 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=packetizer.com; s=dublin; t=1363918094; bh=bc15GVl2xaDMJW/1FawH8hpFk6YTLJ0bIZ4Il1mluAw=; h=From:To:Cc:References:In-Reply-To:Subject:Date:Message-ID: MIME-Version:Content-Type:Content-Transfer-Encoding; b=OuwrAyv1pVFP3rfmOFuvqg4kJI7YAwFWz99H4Fh45xxHS0pQ92vueqGm+v6EqLk9t Ae5yyApRyx0baosXXeTmcbvEhG3wXhEJ+VSsvsj/bvtk4or4l8WOcMw1ZFnovPKfGb M4boRJB4lAPMwLUAFvQ2IMzUQkUV082iET/RxdLE=
From: "Paul E. Jones" <paulej@packetizer.com>
To: 'Alissa Cooper' <acooper@cdt.org>
References: <20130304202424.31062.61240.idtracker@ietfa.amsl.com> <A437CC8E-63D9-41C2-A22B-1B379270CE2A@cdt.org> <055401ce25d3$5566f120$0034d360$@packetizer.com> <8E7B73F6-808B-4D8B-BE42-73A56C475C06@cdt.org>
In-Reply-To: <8E7B73F6-808B-4D8B-BE42-73A56C475C06@cdt.org>
Date: Thu, 21 Mar 2013 22:08:31 -0400
Message-ID: <010f01ce26a2$2804e550$780eaff0$@packetizer.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQKDaKO5ldokcAP290Gb0nohuKjS1AOIlQ8RAuxRp2gCurAmypb89gJw
Content-Language: en-us
Cc: webfinger@ietf.org, ietf@ietf.org, apps-discuss@ietf.org
Subject: Re: [apps-discuss] Last Call: <draft-ietf-appsawg-webfinger-10.txt> (WebFinger) to Proposed Standard
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Mar 2013 02:08:32 -0000

Got it.  Thanks!  I'll make that change.

Paul

> -----Original Message-----
> From: Alissa Cooper [mailto:acooper@cdt.org]
> Sent: Thursday, March 21, 2013 9:45 AM
> To: Paul E. Jones
> Cc: ietf@ietf.org; apps-discuss@ietf.org; webfinger@ietf.org
> Subject: Re: [apps-discuss] Last Call: <draft-ietf-appsawg-webfinger-
> 10.txt> (WebFinger) to Proposed Standard
> 
> I suggest adding the sentence without the word "implicitly." The result
> would be:
> 
> "Further, WebFinger MUST NOT be used to provide any personal information
> to any party unless explicitly authorized by the person whose
> information is being shared. Publishing one's personal data within an
> access-controlled or otherwise limited environment on the Internet does
> not equate to providing authorization of further publication of that
> data via WebFinger."
> 
> Thanks,
> Alissa
> 
> On Mar 20, 2013, at 9:28 PM, Paul E. Jones <paulej@packetizer.com> wrote:
> 
> > Alissa,
> >
> > It was suggested that we remove the word "implicit".  I'm OK with
> > removing it.  If we did that, would you want to add this new sentence
> > or a modified version of it?
> >
> > Paul
> >
> >> -----Original Message-----
> >> From: apps-discuss-bounces@ietf.org [mailto:apps-discuss-
> >> bounces@ietf.org] On Behalf Of Alissa Cooper
> >> Sent: Monday, March 18, 2013 11:31 AM
> >> To: ietf@ietf.org
> >> Cc: apps-discuss@ietf.org
> >> Subject: Re: [apps-discuss] Last Call: <draft-ietf-appsawg-webfinger-
> >> 10.txt> (WebFinger) to Proposed Standard
> >>
> >> Given how little control Internet users already have over which
> >> information about them appears in which context, I do not have a lot
> >> of confidence that the claimed discoverability benefits of WebFinger
> >> outweigh its potential to further degrade users' ability to keep
> >> particular information about themselves within specific silos.
> >> However, I'm coming quite late to this document, so perhaps that
> >> balancing has already been discussed, and it strikes me as
> >> unreasonable to try to stand in the way of publication at this point.
> >>
> >> Two suggestions in section 8:
> >>
> >> s/personal information/personal data/ (see
> >> http://tools.ietf.org/html/draft-iab-privacy-considerations-
> >> 06#section-2.2 -- personal data is a more widely accepted term and
> >> covers a larger range of information about people)
> >>
> >> The normative prohibition against using WebFinger to publish personal
> >> data without authorization is good, but the notion of implicit
> >> authorization leaves much uncertainty about what I imagine will be a
> >> use case of interest: taking information out of a controlled context
> >> and making it more widely available. To make it obvious that this has
> >> been considered, I would suggest adding one more sentence to the end
> >> of the fourth paragraph:
> >>
> >> "Publishing one's personal data within an access-controlled or
> >> otherwise limited environment on the Internet does not equate to
> >> providing implicit authorization of further publication of that data
> >> via WebFinger."
> >>
> >> Alissa
> >>
> >> On Mar 4, 2013, at 3:24 PM, The IESG <iesg-secretary@ietf.org> wrote:
> >>
> >>>
> >>> The IESG has received a request from the Applications Area Working
> >>> Group WG (appsawg) to consider the following document:
> >>> - 'WebFinger'
> >>> <draft-ietf-appsawg-webfinger-10.txt> as Proposed Standard
> >>>
> >>> The IESG plans to make a decision in the next few weeks, and
> >>> solicits final comments on this action. Please send substantive
> >>> comments to the ietf@ietf.org mailing lists by 2013-03-18.
> >>> Exceptionally, comments may be sent to iesg@ietf.org instead. In
> >>> either case, please retain the beginning of the Subject line to
> allow automated sorting.
> >>>
> >>> Abstract
> >>>
> >>>
> >>>  This specification defines the WebFinger protocol, which can be
> >>> used  to discover information about people or other entities on the
> >>> Internet using standard HTTP methods.  WebFinger discovers
> >>> information for a URI that might not be usable as a locator
> >>> otherwise, such as account or email URIs.
> >>>
> >>>
> >>>
> >>>
> >>> The file can be obtained via
> >>> http://datatracker.ietf.org/doc/draft-ietf-appsawg-webfinger/
> >>>
> >>> IESG discussion can be tracked via
> >>> http://datatracker.ietf.org/doc/draft-ietf-appsawg-webfinger/ballot/
> >>>
> >>>
> >>> No IPR declarations have been submitted directly on this I-D.
> >>>
> >>>
> >>> _______________________________________________
> >>> apps-discuss mailing list
> >>> apps-discuss@ietf.org
> >>> https://www.ietf.org/mailman/listinfo/apps-discuss
> >>>
> >>
> >>
> >> _______________________________________________
> >> apps-discuss mailing list
> >> apps-discuss@ietf.org
> >> https://www.ietf.org/mailman/listinfo/apps-discuss
> >
> >
>