Then why do we allow them to have social media accounts, email accounts,
etc.?

How many RFCs involve using passwords somewhere in them? We know users
pick bad passwords. We know users reuse passwords. And we know
credential theft and misuse is a big problem. Were these same
considerations given to those proposals? If not, why is THIS proposal
that involves basically phone numbers and email addresses getting this
scrutiny?

If this is the hangup, then why isn't there a PIA (or related) process
for every I-D and RFC? What formal process should I undergo to have this
evaluated? Or should there be one created?


On 7/9/19 1:21 PM, Ted Lemon wrote:
> On Jul 9, 2019, at 2:04 PM, John Bambenek
> <jcb=40bambenekconsulting....@dmarc.ietf.org
> <mailto:jcb=40bambenekconsulting....@dmarc.ietf.org>> wrote:
>> Can't this be mitigated by any number of forms of user education?
>
> The evidence is crystal clear on this point: no, it can’t. It is not
> possible for a person who is informed on this topic to believe otherwise.
>
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop