Re: [apps-discuss] Last Call: <draft-ietf-appsawg-webfinger-10.txt> (WebFinger) to Proposed Standard

Alissa Cooper <acooper@cdt.org> Thu, 21 March 2013 13:44 UTC

To: "Paul E. Jones" <paulej@packetizer.com>
Cc: webfinger@ietf.org, ietf@ietf.org, apps-discuss@ietf.org

I suggest adding the sentence without the word "implicitly." The result would be:

"Further, WebFinger MUST NOT be used to provide any personal information to any party unless explicitly authorized by the person whose information is being shared. Publishing one's personal data within an access-controlled or otherwise limited environment on the Internet does not equate to providing authorization of further publication of that data via WebFinger."

Thanks,
Alissa

On Mar 20, 2013, at 9:28 PM, Paul E. Jones <paulej@packetizer.com> wrote:

> Alissa,
> 
> It was suggested that we remove the word "implicit".  I'm OK with removing
> it.  If we did that, would you want to add this new sentence or a modified
> version of it?
> 
> Paul
> 
>> -----Original Message-----
>> From: apps-discuss-bounces@ietf.org [mailto:apps-discuss-bounces@ietf.org] On Behalf Of Alissa Cooper
>> Sent: Monday, March 18, 2013 11:31 AM
>> To: ietf@ietf.org
>> Cc: apps-discuss@ietf.org
>> Subject: Re: [apps-discuss] Last Call: <draft-ietf-appsawg-webfinger-10.txt> (WebFinger) to Proposed Standard
>> 
>> Given how little control Internet users already have over which
>> information about them appears in which context, I do not have a lot of
>> confidence that the claimed discoverability benefits of WebFinger
>> outweigh its potential to further degrade users' ability to keep
>> particular information about themselves within specific silos. However,
>> I'm coming quite late to this document, so perhaps that balancing has
>> already been discussed, and it strikes me as unreasonable to try to
>> stand in the way of publication at this point.
>> 
>> Two suggestions in section 8:
>> 
>> s/personal information/personal data/
>> (see http://tools.ietf.org/html/draft-iab-privacy-considerations-06#section-2.2
>> -- personal data is a more widely accepted term and
>> covers a larger range of information about people)
>> 
>> The normative prohibition against using WebFinger to publish personal
>> data without authorization is good, but the notion of implicit
>> authorization leaves much uncertainty about what I imagine will be a use
>> case of interest: taking information out of a controlled context and
>> making it more widely available. To make it obvious that this has been
>> considered, I would suggest adding one more sentence to the end of the
>> fourth paragraph:
>> 
>> "Publishing one's personal data within an access-controlled or otherwise
>> limited environment on the Internet does not equate to providing
>> implicit authorization of further publication of that data via
>> WebFinger."
>> 
>> Alissa
>> 
>> On Mar 4, 2013, at 3:24 PM, The IESG <iesg-secretary@ietf.org> wrote:
>> 
>>> 
>>> The IESG has received a request from the Applications Area Working
>>> Group WG (appsawg) to consider the following document:
>>> - 'WebFinger'
>>> <draft-ietf-appsawg-webfinger-10.txt> as Proposed Standard
>>> 
>>> The IESG plans to make a decision in the next few weeks, and solicits
>>> final comments on this action. Please send substantive comments to the
>>> ietf@ietf.org mailing lists by 2013-03-18. Exceptionally, comments may
>>> be sent to iesg@ietf.org instead. In either case, please retain the
>>> beginning of the Subject line to allow automated sorting.
>>> 
>>> Abstract
>>> 
>>> 
>>>  This specification defines the WebFinger protocol, which can be used
>>>  to discover information about people or other entities on the
>>>  Internet using standard HTTP methods.  WebFinger discovers
>>>  information for a URI that might not be usable as a locator
>>>  otherwise, such as account or email URIs.
>>> 
>>> 
>>> 
>>> 
>>> The file can be obtained via
>>> http://datatracker.ietf.org/doc/draft-ietf-appsawg-webfinger/
>>> 
>>> IESG discussion can be tracked via
>>> http://datatracker.ietf.org/doc/draft-ietf-appsawg-webfinger/ballot/
>>> 
>>> 
>>> No IPR declarations have been submitted directly on this I-D.
>>> 
>>> 
>>> _______________________________________________
>>> apps-discuss mailing list
>>> apps-discuss@ietf.org
>>> https://www.ietf.org/mailman/listinfo/apps-discuss
>>> 