This is a bit late, and I'd sent some comments to Sara off-list (and I wanted to actually contribute some text but haven't yet gotten the time :(), but figured would send a quick note on-list as well. In general I support the publication of this draft, though I echo Stephen's comment about it needing a sample DPPPS? DROP? document. Minor comment: In Section 5.2.1, pseudonymization and access control is mentioned, but might be worth adding some text combining the two. I believe it's a fairly common technique in practice, to comply with GDPR et al, where an employee has to follow a process (either legal review or have a customer case or something) in order to obtain access to unencrypted logs. Ryan Guest's talk at PEARG at IETF 104 on log anonymization might be a good resource for additional techniques (though I think most of them are covered in Appendix B): https://datatracker.ietf.org/meeting/104/materials/slides-104-pearg-ryan-log-data-privacy-00
On Fri, Aug 16, 2019 at 4:50 AM Tim Wicinski <[email protected]> wrote: > > This starts a Working Group Last Call for draft-ietf-dprive-bcp-op > > Current versions of the draft is available here: > https://datatracker.ietf..org/doc/draft-ietf-dprive-bcp-op/ > <https://datatracker.ietf.org/doc/draft-ietf-dprive-bcp-op/> > > > The Current Intended Status of this document is: Best Current Practices > > Please review the draft and offer relevant comments. > If this does not seem appropriate please speak out. > If someone feels the document is *not* ready for publication, please speak > out with your reasons. > > This starts a two week Working Group Last Call process, and ends on: 30 > August 2019 > > thanks > tim > > _______________________________________________ > dns-privacy mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dns-privacy >
_______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
