In ** 1. Introduction

.... More recently the global legislative landscape with regard to personal data collection, retention, and pseudonymization has seen significant activity with differing requirements active in different jurisdictions. For example the user of a service and the service itself may be in jurisdictions with conflicting legislation. It is an untested area that simply using a DNS resolution service constitutes consent from the user for the operator to process their query data. The impact of recent legislative changes on data pertaining to the users of both Internet Service Providers and DNS open resolvers is not fully understood at the time of writing. ...

--->

I'm wondering if the legal principles are really all that different between jurisdictions? Purpose limitation and data minimization (or "as few data as are required to perform the purpose" or equivalent) are fairly common, and RFC6073 already considers data minimization a super-heading for stuff like storage limitation (which in some jurisdictions is separated from data minimization in the law, for example). The big differences are only in oversight (who is competent to enforce) and perhaps contractual practise (what is the expected contents of a contract).

In the spirit of this draft, maybe it's better to leave it at just "significant activity [full stop]" and not point so much to differing requirements?

best regards,

Amelia

On 2018-07-16 21:25, Sara Dickinson wrote:
> There are now updated versions of these two drafts which have
> cross-references to each other…..
>
> https://tools.ietf.org/html/draft-bortzmeyer-dprive-rfc7626-bis-01
> https://tools.ietf.org/html/draft-dickinson-dprive-bcp-op-01
>
> Sara.
>
>> On 2 Jul 2018, at 13:59, Sara Dickinson <[email protected]
>> <mailto:[email protected]>> wrote:
>>
>> Hi All,
>>
>> An update to draft-dickinson-bcp-op (with a minor name change
>> generating a -00 version) is now available.
>>
>> The major differences to draft-dickinson-bcp-op-00 are :
>>
>> * Reworked the Terminology, Introduction and Scope
>> * Added Document section
>> * Reworked the Recommendations section to describe threat
>>   mitigations, optimizations and other options.
>> * Split the recommendations up into 3 subsections: on the wire, at
>>   rest and upstream
>> * Added much more information on data handling and IP address
>>   pseudonymization and anonymization
>> * Added more details and comparison of some existing policy/privacy
>>   policies
>> * Applied virtually all of Amelia Andersdotter's suggested changes.
>>
>> When re-writing this draft in terms of privacy threats and
>> mitigations it became clear that a 'bis' to RFC7626 that included
>> threat assessments from all the privacy related work that has
>> happened since it was written (e.g. DNS-over-TLS) would be very
>> helpful. That bis document is also now available (see below) and
>> going forward the hope is that these two will be companion documents
>> with RFC7626-bis describing the threats and the BCP describing the
>> mitigations.
>>
>> When reviewing, please note that due to time constraints I haven’t
>> managed to get the cross references to the very latest draft versions
>> updated in the documents, but will do so when draft submission re-opens.
>>
>> Best regards
>>
>> Sara.
>>
>>
>>> Begin forwarded message:
>>>
>>> *From: *[email protected] <mailto:[email protected]>
>>> *Subject: **New Version Notification for
>>> draft-dickinson-dprive-bcp-op-00.txt*
>>> *Date: *2 July 2018 at 18:31:13 BST
>>> *To: *"Sara Dickinson" <[email protected] <mailto:[email protected]>>,
>>> "Benno J. Overeinder" <[email protected]
>>> <mailto:[email protected]>>, "Benno Overeinder" <[email protected]
>>> <mailto:[email protected]>>, "Allison Mankin"
>>> <[email protected] <mailto:[email protected]>>,
>>> "Roland M. van Rijswijk-Deij" <[email protected]
>>> <mailto:[email protected]>>, "Roland van Rijswijk-Deij"
>>> <[email protected] <mailto:[email protected]>>
>>>
>>>
>>> A new version of I-D, draft-dickinson-dprive-bcp-op-00.txt
>>> has been successfully submitted by Sara Dickinson and posted to the
>>> IETF repository.
>>>
>>> Name:           draft-dickinson-dprive-bcp-op
>>> Revision:       00
>>> Title:          Recommendations for DNS Privacy Service Operators
>>> Document date:  2018-07-02
>>> Group:          Individual Submission
>>> Pages:          32
>>> URL:
>>> https://www.ietf.org/internet-drafts/draft-dickinson-dprive-bcp-op-00.txt
>>> Status:
>>> https://datatracker.ietf.org/doc/draft-dickinson-dprive-bcp-op/
>>> Htmlized:
>>> https://tools.ietf.org/html/draft-dickinson-dprive-bcp-op-00
>>> Htmlized:
>>> https://datatracker.ietf.org/doc/html/draft-dickinson-dprive-bcp-op
>>>
>>>
>>> Abstract:
>>> This document presents operational, policy and security
>>> considerations for DNS operators who choose to offer DNS Privacy
>>> services. With the recommendations, the operator can make deliberate
>>> decisions which services to provide, and how the decisions and
>>> alternatives impact the privacy of users.
>>>
>>> This document also presents a framework to assist writers of DNS
>>> Privacy Policy and Practices Statements (analogous to DNS Security
>>> Extensions (DNSSEC) Policies and DNSSEC Practice Statements described
>>> in [RFC6841]).
>>
>>
>>
>>> Begin forwarded message:
>>>
>>> *From: *[email protected] <mailto:[email protected]>
>>> *Subject: **New Version Notification for
>>> draft-bortzmeyer-dprive-rfc7626-bis-00.txt*
>>> *Date: *2 July 2018 at 18:54:30 BST
>>> *To: *"Sara Dickinson" <[email protected] <mailto:[email protected]>>,
>>> "Stephane Bortzmeyer" <[email protected]
>>> <mailto:[email protected]>>
>>>
>>>
>>> A new version of I-D, draft-bortzmeyer-dprive-rfc7626-bis-00.txt
>>> has been successfully submitted by Sara Dickinson and posted to the
>>> IETF repository.
>>>
>>> Name:           draft-bortzmeyer-dprive-rfc7626-bis
>>> Revision:       00
>>> Title:          DNS Privacy Considerations
>>> Document date:  2018-07-02
>>> Group:          Individual Submission
>>> Pages:          22
>>> URL:
>>> https://www.ietf.org/internet-drafts/draft-bortzmeyer-dprive-rfc7626-bis-00.txt
>>> Status:
>>> https://datatracker.ietf.org/doc/draft-bortzmeyer-dprive-rfc7626-bis/
>>> Htmlized:
>>> https://tools.ietf.org/html/draft-bortzmeyer-dprive-rfc7626-bis-00
>>> Htmlized:
>>> https://datatracker.ietf.org/doc/html/draft-bortzmeyer-dprive-rfc7626-bis
>>>
>>>
>>> Abstract:
>>> This document describes the privacy issues associated with the use of
>>> the DNS by Internet users. It is intended to be an analysis of the
>>> present situation and does not prescribe solutions.
>>>
>>
>> _______________________________________________
>> dns-privacy mailing list
>> [email protected] <mailto:[email protected]>
>> https://www.ietf.org/mailman/listinfo/dns-privacy

--
Amelia Andersdotter
Technical Consultant, Digital Programme

ARTICLE19
www.article19.org

PGP: 3D5D B6CA B852 B988 055A 6A6F FEF1 C294 B4E8 0B55
