Re: ORCID - unique identifiers for contributors
Yoav Nir <ynir@checkpoint.com> Mon, 16 September 2013 21:03 UTC
Return-Path: <ynir@checkpoint.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8954011E8270 for <ietf@ietfa.amsl.com>; Mon, 16 Sep 2013 14:03:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.165
X-Spam-Level:
X-Spam-Status: No, score=-10.165 tagged_above=-999 required=5 tests=[AWL=0.434, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LneFXYsosTVt for <ietf@ietfa.amsl.com>; Mon, 16 Sep 2013 14:03:39 -0700 (PDT)
Received: from smtp.checkpoint.com (smtp.checkpoint.com [194.29.34.68]) by ietfa.amsl.com (Postfix) with ESMTP id 6F83511E82DD for <ietf@ietf.org>; Mon, 16 Sep 2013 14:02:23 -0700 (PDT)
Received: from IL-EX10.ad.checkpoint.com ([194.29.34.147]) by smtp.checkpoint.com (8.13.8/8.13.8) with ESMTP id r8GL27Gd030184; Tue, 17 Sep 2013 00:02:07 +0300
X-CheckPoint: {523771CF-11-1B221DC2-1FFFF}
Received: from DAG-EX10.ad.checkpoint.com ([169.254.3.173]) by IL-EX10.ad.checkpoint.com ([169.254.2.246]) with mapi id 14.02.0347.000; Tue, 17 Sep 2013 00:02:07 +0300
From: Yoav Nir <ynir@checkpoint.com>
To: John Levine <johnl@taugh.com>
Subject: Re: ORCID - unique identifiers for contributors
Thread-Topic: ORCID - unique identifiers for contributors
Thread-Index: AQHOsuqxQ28fLP9rCkajZh5xZKb7LpnImDaAgAAHKoCAAAiBgA==
Date: Mon, 16 Sep 2013 21:02:06 +0000
Message-ID: <C65F64A8-2D7B-47AF-BAAC-DE4DE57586B7@checkpoint.com>
References: <20130916203141.86927.qmail@joyce.lan>
In-Reply-To: <20130916203141.86927.qmail@joyce.lan>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [172.31.20.116]
x-kse-antivirus-interceptor-info: protection disabled
Content-Type: text/plain; charset="us-ascii"
Content-ID: <9771595138FC204B92AB04218577689D@ad.checkpoint.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "<ietf@ietf.org>" <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Sep 2013 21:03:45 -0000
On Sep 16, 2013, at 11:31 PM, John Levine <johnl@taugh.com> wrote: >> How do I know that the sender of this message actually has the right >> to claim the ORCID in question (0000-0001-5882-6823)? The web page >> doesn't present anything (such as a public key) that could be used >> for authentication. > > I dunno. How do we know who brian.e.carpenter@gmail.com is? What's the difference between ignorance and indifference? Whoever brian.e.carpenter@gmail.com is, it could be a man, a woman, or a whole think tank responding as one person (like NAT, but for email). Regardless, brian.e.carpenter replies to emails and publishes drafts (which requires replying to an email), and has his name on recent RFCs (which also requires replying to the AUTH48 message). So whoever is behind the email address, he, she or they are an active IETF participant. Right now, nobody is preventing me from submitting an I-D and listing Brian as co-author, except a mail would be sent to brian.e.carpenter@gmail.com, which he may or may not notice. We can't proceed to RFC without him noticing, because he has to reply to the AUTH48. Would it be possible to spoof all this? Maybe, but that's pretty much all you need to get a DV certificate. If we use ORCID instead of email, we get less strong authentication. We need to bind not the ORCID to a government-issued identity, but to all other instances of ORCID use, otherwise it doesn't uniquely identify a single entity.
- Re: ORCID - unique identifiers for bibliographers Phillip Hallam-Baker
- Re: ORCID - unique identifiers for contributors Brian E Carpenter
- ORCID - unique identifiers for contributors Andy Mabbett
- Re: ORCID - unique identifiers for contributors Dave Cridland
- Re: ORCID - unique identifiers for contributors Melinda Shore
- Re: ORCID - unique identifiers for contributors Melinda Shore
- Re: ORCID - unique identifiers for contributors Juliao Braga
- Re: ORCID - unique identifiers for contributors Scott Brim
- Re: ORCID - unique identifiers for contributors joel jaeggli
- Re: ORCID - unique identifiers for contributors Andy Mabbett
- Re: ORCID - unique identifiers for contributors John C Klensin
- Re: ORCID - unique identifiers for contributors Andy Mabbett
- Re: ORCID - unique identifiers for contributors David Morris
- Re: ORCID - unique identifiers for contributors Hector Santos
- Re: ORCID - unique identifiers for bibliographers John Levine
- Re: ORCID - unique identifiers for bibliographers Phillip Hallam-Baker
- Re: ORCID - unique identifiers for bibliographers John Levine
- Re: ORCID - unique identifiers for bibliographers Dave Cridland
- Re: ORCID - unique identifiers for contributors Brian E Carpenter
- Re: ORCID - unique identifiers for contributors John Levine
- Re: ORCID - unique identifiers for contributors Andy Mabbett
- Re: ORCID - unique identifiers for contributors Andy Mabbett
- Re: ORCID - unique identifiers for contributors Andy Mabbett
- Re: ORCID - unique identifiers for contributors Yoav Nir
- Re: ORCID - unique identifiers for contributors Andy Mabbett
- Re: ORCID - unique identifiers for contributors Melinda Shore
- RE: ORCID - unique identifiers for bibliographers Greg Daley
- RE: ORCID - unique identifiers for bibliographers John R Levine
- Re: ORCID - unique identifiers for contributors John C Klensin
- Re: ORCID - unique identifiers for contributors Andy Mabbett
- Re: ORCID - unique identifiers for contributors Melinda Shore
- Re: ORCID - unique identifiers for contributors Andy Mabbett
- Re: ORCID - unique identifiers for contributors Joel M. Halpern
- Re: ORCID - unique identifiers for contributors Hector Santos
- RE: ORCID - unique identifiers for bibliographers John C Klensin
- Re: ORCID - unique identifiers for bibliographers Dave Cridland
- Re: ORCID - unique identifiers for contributors Michael Richardson
- Re: ORCID - unique identifiers for contributors John C Klensin
- Re: ORCID - unique identifiers for contributors John Levine
- Re: [IETF] Re: ORCID - unique identifiers for con… Warren Kumari
- Re: ORCID - unique identifiers for contributors Steve Crocker
- RE: ORCID - unique identifiers for contributors Pat Thaler
- Re: ORCID - unique identifiers for contributors Scott Brim
- Re: ORCID - unique identifiers for contributors Melinda Shore
- Re: ORCID - unique identifiers for contributors Michael Tuexen
- Re: ORCID - unique identifiers for contributors Scott Brim
- Re: ORCID - unique identifiers for contributors Michael Tuexen
- Re: ORCID - unique identifiers for contributors Carsten Bormann
- Re: ORCID - unique identifiers for contributors Melinda Shore
- Re: ORCID - unique identifiers for contributors Michael Tuexen
- Re: ORCID - unique identifiers for contributors Melinda Shore
- Re: ORCID - unique identifiers for contributors Michael Tuexen
- Re: ORCID - unique identifiers for contributors Hector Santos
- Re: ORCID - unique identifiers for contributors Hector Santos
- Re: ORCID - unique identifiers for contributors Tony Hansen
- Re: ORCID - unique identifiers for contributors Yoav Nir
- Re: [IETF] Re: ORCID - unique identifiers for con… Warren Kumari
- Re: ORCID - unique identifiers for contributors Hector Santos
- Re: [IETF] Re: ORCID - unique identifiers for con… Melinda Shore
- Re: ORCID - unique identifiers for contributors Juliao Braga
- Re: [IETF] Re: ORCID - unique identifiers for con… Brian E Carpenter
- Re: ORCID - unique identifiers for contributors John Levine
- Re: [IETF] Re: ORCID - unique identifiers for con… John Levine
- Re: ORCID - unique identifiers for contributors George Michaelson
- Re: ORCID - unique identifiers for contributors Andrew G. Malis
- Re: ORCID - unique identifiers for contributors Riccardo Bernardini
- Re: ORCID - unique identifiers for contributors Abdussalam Baryun
- Re: ORCID - unique identifiers for contributors Riccardo Bernardini
- Re: ORCID - unique identifiers for contributors Ted Lemon
- Re: ORCID - unique identifiers for contributors Stephen Farrell
- Re: ORCID - unique identifiers for contributors Andy Mabbett
- Re: ORCID - unique identifiers for contributors Andy Mabbett
- Re: ORCID - unique identifiers for contributors Andy Mabbett
- Re: ORCID - unique identifiers for contributors Andy Mabbett
- Re: ORCID - unique identifiers for contributors Andy Mabbett
- Re: ORCID - unique identifiers for contributors Andy Mabbett
- Re: ORCID - unique identifiers for contributors Tony Hansen
- Re: ORCID - unique identifiers for contributors Andy Mabbett
- Re: ORCID - unique identifiers for contributors John C Klensin
- Re: ORCID - unique identifiers for contributors John Levine
- Re: ORCID - unique identifiers for contributors Spencer Dawkins
- Re: ORCID - unique identifiers for contributors Melinda Shore
- Re: ORCID - unique identifiers for contributors Noel Chiappa
- Re: ORCID - unique identifiers for contributors John Levine