Roman Danyliw has entered the following ballot position for draft-ietf-dprive-bcp-op-08: No Objection
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-dprive-bcp-op/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- ** Per 6.1.1. Item 2. Per “Data Collection and sharing … and in each case whether it is aggregated, pseudonymized, or anonymized and the conditions of data transfer”, would be useful to also have the policy describe the technique used to realize this minimization? ** Section 6.1.2. Item 5. Per “Jurisdiction. This section should communicate the applicable jurisdictions and law enforcement regimes …”, what’s a “law enforcement regime” (and why is that different than a “jurisdiction”)? ** Section 6.2.1. Per item 5.4. Why restrict disclosure to “law enforcement agencies, or other public and private parties dealing with security and intelligence”, and not request disclosure of all parties who get access with “Specify whether the operator has any agreement in place with public or private parties to give them access to the server and/or to the data”? One party’s assessment of an entity as “security” (captured in the current text) is another’s “public safety” (not captured in the current text but captured the recommend text) ** Editorial Nits -- Section 6.1.2. Typo. s/section Section 5/Section 5/g -- Section 6.1.2 Editorial Nit. Per item 5.2, “… and how to contact the operator to enforce them”, it is more appropriate to say “exercise them”, e.g., a user contacts the operator to exercise their “right to be forgotten” (not enforce their right to be forgotten). _______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
