- From: Frank Ellermann <hmdmhdfmhdjmzdtjmzdtzktdkztdjz@gmail.com>
- Date: Fri, 8 Jul 2011 21:29:05 +0200
- To: John C Klensin <john-ietf@jck.com>
- Cc: Mykyta Yevstifeyev <evnikita2@gmail.com>, URI <uri@w3.org>, Apps-discuss list <apps-discuss@ietf.org>
On 8 July 2011 19:46, John C Klensin <john-ietf@jck.com> wrote: >> The anonymous:mail construct is also not more state of the art >> for privacy reasons, unless it is a mail address in TLD invalid >> or similar. > Disagree. If I'm an FTP repository provider, I can ask you to > give up your email address in return for service if I want to. > Whether I trust the address you give me is another matter, but > that isn't a privacy issue. Your server, your rules. Nevertheless user agents such as web browsers MUST NOT use valuable email accounts in anonymous FTP connections without explicit consent of the user. I don't think that address harvesting by spammers on anonymous FTP servers is a serious threat, but "anonymous" should be what the name says, as long as the user didn't explicitly set something else. If your FTP server does not accept anonymous:me@privacy.invalid it is fine, I'd know how to use another FTP client where I can add one of the addresses you know. But exactly these addresses should not be used in anonymous connections with arbitrary FTP servers, unless I explicitly confirmed it for a given server. -Frank
Received on Friday, 8 July 2011 19:29:53 UTC