[Ietf-not43] Mail address mandatory?

Eric A. Hall ehall@ehsco.com
Tue, 13 Aug 2002 08:44:04 -0500


on 8/13/2002 1:38 AM Stephane Bortzmeyer wrote:
> I read in draft-ietf-crisp-lw-user-00.txt:
> 
>      The target inetOrgPerson entries MAY have any number of attributes 
>      defined, with any number of access restrictions, as required by 
>      local security policies, government regulations or personal 
>      privacy concerns. However, the mail attribute MUST be defined, 
>      MUST be valid, and MUST have anonymous read permissions. 
> 
> Why is it so (MUST have anonymous read permissions)? The email address
> is often precisely the attribute some people want to hide (because of
> spammers).

The email address doesn't have to be a primary account.

The reason I made it mandatory is that there is no other form of contact
information which is viable. Postal mail doesn't help when you are
suffering a DoS attack from a specific network, for example.

There is another reason for using email addresses, which is that I plan to
define a lookup mechanism for contacts using the email addr as the lookup
key (EG, provide a way to find out which domains and netblocks are
associated with <bortzmeyer@nic.fr>). DITs aren't all that functional or
friendly outside the protocol.

> Anyway, it should be a matter of policy, I don't think it is
> appropriate to put it in the protocol.

Andy has made that argument in the past, too. In the end, it seems to me
that if there isn't any contact information available, there isn't any
benefit to the service.

-- 
Eric A. Hall                                        http://www.ehsco.com/
Internet Core Protocols          http://www.oreilly.com/catalog/coreprot/