I dont even exactly know whether the right to be forgotten works with data that isnt even public.
my personal opinion on this is that if no certs get revoked that all account data stays unil the certs expire. this right was mostly executed on google and their results are public. but your ACME Account data (e.g. your IP Addresses, domains etc) are all private because nobody can just say "what domains does User X have" or whatever. also if there are any laws regarding data retention or anything else regarding liability and stuff it wouldnt be wise to delete data regarding that. also as Rich Salz already said, ACME cant deal with any weird geographic law. I have no Idea what a "Calea" is, but the laws regarding that "Calea" thing are probably also something ACME cannot really account for. that's my opinion. Regards. 2016-05-24 1:07 GMT+02:00 Salz, Rich <[email protected]>: > > Let me explain a bit more: Shall a CA receive a valid and trustworthy > request for deletion of an account/authorization, the CA must totally erase > any trace of data regarding that account > > Speaking as a WG chair, I disagree. EU data retention, like US Calea > laws, are outside the scope of the protocol. > > > CAs follow the best interests of the users, don't they? > > As commercial vendors, their shareholders should come first. > > Speaking as an individual, I support the MR. > > _______________________________________________ > Acme mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/acme >
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
