On Sun, Sep 17, 2017, at 21:56, Peter Saint-Andre wrote: > It's true that a nickname / handle / display name is not a solid basis > on which to make authentication or authorization decisions. So don't do > that. :-) > > Should we add a sentence about this to 7700bis?
I suppose it couldn't hurt, but I'm not sure that it's necessary either. I was not attempting to suggest that the issue was that they would use the nickname profile for authentication, but that misusing it could be an issue in its own right. > Again, if you would like to argue against publishing 7700bis, speak now > or forever hold your peace. That's what I'm doing right now :) > You'd be going against the consensus of the > working group (which, after all, did publish RFC 7700 in 2015), so an > Internet-Draft (perhaps entitled "Nickname Profile Considered Harmful") > would be the most effective way to make your case. I do seem to be the lone dissenter in this matter and since I no longer have a job that allows me the time to work on open source or standards in any serious way outside of the weekends I'm afraid I won't be able to make a better argument than what I've tried (poorly) to present in this email chain. —Sam _______________________________________________ precis mailing list [email protected] https://www.ietf.org/mailman/listinfo/precis
