IETF Logo Mail Archive

Re: The problem we could solve (re github etc.)

Alessandro Vesely <vesely@tana.it> Thu, 10 June 2021 11:24 UTC

Return-Path: <vesely@tana.it>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 03B8E3A3E94 for <ietf@ietfa.amsl.com>; Thu, 10 Jun 2021 04:24:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1152-bit key) header.d=tana.it
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BrPHuJI9RDZS for <ietf@ietfa.amsl.com>; Thu, 10 Jun 2021 04:24:14 -0700 (PDT)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4A57F3A3E91 for <ietf@ietf.org>; Thu, 10 Jun 2021 04:24:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1623324247; bh=6aK81/v7SYlkL0jRlIb9iAYtLJyM7rlgm1HIz4gPq40=; l=2163; h=To:References:From:Date:In-Reply-To; b=Au6L26od5cB7cHaasyDp1n7sxaiqjdCvApVqC48D1vPuJoxeW36yPjopx8g3Z+Kz9 7xKCkrsPAX2kHSlVgTWS1X2HczmTXD4kE1/iGqJYv88C3HR1TyTeyHLPnqzMMq4K8G rhGV5jjP5S/GmEUHwdDTU/FoT51IgAKgQvhsqzU71LKqoJlGdX0W0LKNTOMPJ
Authentication-Results: tana.it; auth=pass (details omitted)
Original-From: Alessandro Vesely <vesely@tana.it>
Received: from [172.25.197.111] (pcale.tana [172.25.197.111]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k, TLS: TLS1.3, 128bits, ECDHE_RSA_AES_128_GCM_SHA256) by wmail.tana.it with ESMTPSA id 00000000005DC03D.0000000060C1F657.000049FC; Thu, 10 Jun 2021 13:24:07 +0200
Subject: Re: The problem we could solve (re github etc.)
To: ietf@ietf.org
References: <DM4PR11MB5438CC6D84B301C907DAA6D1B5369@DM4PR11MB5438.namprd11.prod.outlook.com> <20210609163823.72897E1865D@ary.qy> <CAMm+Lwhs0C80K2B4MoKi1ijghE2o6tmF7E8QreCK62P1bc9Q5Q@mail.gmail.com> <a567a4a6-8aa0-1bf1-bf3b-18c71213fa@iecc.com> <494082D95C1883FD462E6307@PSB> <CAMm+Lwh3wJ9pHRB7cDK2kPXUm5ucYv+RhU-ayXqXSXoXBPL9ag@mail.gmail.com>
From: Alessandro Vesely <vesely@tana.it>
Message-ID: <a18cb073-0038-91be-6f79-1121bd3b89f3@tana.it>
Date: Thu, 10 Jun 2021 13:24:05 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.9.0
MIME-Version: 1.0
In-Reply-To: <CAMm+Lwh3wJ9pHRB7cDK2kPXUm5ucYv+RhU-ayXqXSXoXBPL9ag@mail.gmail.com>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/z0noGecreOLz6iVBAwNL3kJBQno>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Jun 2021 11:24:20 -0000

On Wed 09/Jun/2021 23:48:30 +0200 Phillip Hallam-Baker wrote:
> On Wed, Jun 9, 2021 at 5:22 PM John C Klensin <john-ietf@jck.com> wrote:
> 
>> And I have a question: What does this rather long thread actually have to
>> do with the IETF other than demonstrating that it would be dumb for our
>> discussions to depend on a providers who intended to support those
>> discussions by selling subscriptions and/or tracking user behavior and/or
>> comments? >
> The reason I tried to bring it back to stuff that is in IETF scope was 
> because I see all of these issues as being aspects of the same broken
> approach to Internet accounts.

There's a field in my Datatracker account linking to my GitHub account.  GitHub 
has a field for linking Twitter accounts but not IETF ones.  In practice, I 
sent the account name to the WG chair via an unsigned email message.  Is that 
vulnerable to social engineering attacks?


> Traditionally, we view an Internet account as being a thing that it LENT by 
> the service provider to the user. And the design of DNS reflects this in
> that DNS is a naming system for hosts and services, it is not a naming
> system for people. It is ludicrously expensive for a start, $10/yr for a DNS
> name is not actually an unreasonable charge for running DNS authoritative
> services but it is an absurd amount for a user name. When WhatsApp was a
> paid service, it was $1/yr. So $10/yr for the user name is ridiculous.

One could find names at less that 1$, but then shouldn't expect to deliver much 
of the mail sent from such domains.  The price we pay is for globalness and 
some kind of moderation.

By design, the DNS lets us fake whatever authority we fancy, perhaps using RFC 
2606 names if we care about possible future overlaps.  Or use .onion.


> For me, usernames and authentication are something that should intrinsically
> belong to the user and be theirs for life.

Agreed.  We can hardcode our credentials and upload them to NodeMCU with 
Arduino.  The difficulty is sharing resources with (some) other people or 
devices without necessarily getting at a global visibility level.


Best
Ale
--

v2.23.0 | Report a Bug | By Email