> On 6 Sep 2019, at 06:31, Shivan Sahib > <[email protected]> wrote:
Hi Shivan, Thanks for this review. > > This is a bit late, and I'd sent some comments to Sara off-list (and I wanted > to actually contribute some text but haven't yet gotten the time :(), but > figured would send a quick note on-list as well. > In general I support the publication of this draft, though I echo Stephen's > comment about it needing a sample DPPPS? DROP? document. Minor comment: In > Section 5.2.1, pseudonymization and access control is mentioned, but might be > worth adding some text combining the two. I believe it's a fairly common > technique in practice, to comply with GDPR et al, where an employee has to > follow a process (either legal review or have a customer case or something) > in order to obtain access to unencrypted logs. I’ve added some extra text to that section specifically about restricting access to full logs. > Ryan Guest's talk at PEARG at IETF 104 on log anonymization might be a good > resource for additional techniques (though I think most of them are covered > in Appendix B): > https://datatracker.ietf..org/meeting/104/materials/slides-104-pearg-ryan-log-data-privacy-00 > > <https://datatracker.ietf..org/meeting/104/materials/slides-104-pearg-ryan-log-data-privacy-00> I _think_ we have all these, even if we have used slightly different terminology for some. Best regards Sara.
_______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
