Re: [Acme] Account deactivation

Mon, 23 May 2016 15:46:45 -0700 

Hi, Jacob.
I strongly object to that proposed change, if my objection matters at all.
Let me explain a bit more: Shall a CA receive a valid and trustworthy request 
for deletion of an account/authorization, the CA must totally erase any trace 
of data regarding that account, except perhaps the certificates issued. Or else 
there are privacy issues to be taken into account for each and every CA and 
thankfully EU has relevant laws of the right-to-be-forgotten, which I think 
applies in this case. So, because CAs are global, I believe that they should 
take into account the best interests of the users, which in this case is 
exactly this right: the right-to-be-forgotten. Finally, I don't think that US 
laws should apply to the whole world and, since EU has accounted for the 
aforementioned right, that should absolutely be taken into consideration.
To summarize, I disagree with the proposed change in the exact part of "leaves 
data retention choices up to CA policy". CAs follow the best interests of the 
users, don't they? Also, possible privacy laws allow for that possibility to 
the user. Therefore, if a user requests (and the request is deemed trustworthy 
and valid) complete deletion of their account/authorization, the CA shall not 
be free to keep the data.
Best regards,Jason Milionis

> To: [email protected]
> From: [email protected]
> Date: Mon, 23 May 2016 15:21:10 -0700
> Subject: Re: [Acme] Account deactivation
> 
> Any objections to this? I'd like to get it merged so we can go ahead
> with implementation.
> 
> On 05/12/2016 09:19 AM, Jacob Hoffman-Andrews wrote:
> > Proposed change: instead of deletion of accounts and authorizations,
> > specify deactivation. This simplifies both the spec and the
> > implementation, and leaves data retention choices up to CA policy.
> >
> > https://github.com/ietf-wg-acme/acme/pull/125
> >
> > _______________________________________________
> > Acme mailing list
> > [email protected]
> > https://www.ietf.org/mailman/listinfo/acme
> >
> 
> _______________________________________________
> Acme mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/acme
                                          
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme

Reply via email to