Deborah Brungard has entered the following ballot position for draft-ietf-dprive-bcp-op-08: No Objection
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-dprive-bcp-op/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- In general, I support this document. It is good to help educate folks on what should be included in a privacy statement, but as Alissa notes, there is no "one size fits all". Especially if one implies a cookie cutter type of form with check marks will be adequate to compare offerings. I don't think this is what was intended - considering the detailed assessment on the DROP form - but there's a couple of sentence stragglers that infer the DROP form is the form *for all*. Support Alissa's and Ben's Discuss. A couple of my concerns: 5.3.3 Both Alissa (and Stephen previously) noted there is no meaningful way to obtain explicit "consent". Considering this document is a "best practice", suggest simply removing, and recommending as Alissa says "not share". 6.1.2 #5 agree with Alissa - this should be removed. 6.2 "We note that the existing set of policies vary widely in style, content and detail and it is not uncommon for the full text for a given operator to equate to more than 10 pages of moderate font sized A4 text. It is a non-trivial task today for a user to extract a meaningful overview of the different services on offer." I'm not sure what this is trying to say? The purpose of this document is to advocate for comprehensive privacy statements. As Alissa notes (2), this document alone is not sufficient to give adequate description for a service. This sentence implies a 10-page document is bad because it is 10 pages (yet this document's DROP example has 5 pages requiring detailed information and lists to complete). And the last sentence negatively prejudges a user's reading capability or specific interest. Suggest drop the last sentence and it will remove the negativity as I don't think the DROP example is any easier on a user to read. _______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
