> On Jul 1, 2020, at 9:09 AM, Brian Haberman <[email protected]> wrote: > > Hi Sara, > > On 7/1/20 5:00 AM, Sara Dickinson wrote: >> >> >>> On 28 Jun 2020, at 19:44, Alissa Cooper via Datatracker <[email protected]> >>> wrote: >>> >>> Alissa Cooper has entered the following ballot position for >>> draft-ietf-dprive-bcp-op-10: Discuss >>> >>> ---------------------------------------------------------------------- >>> DISCUSS: >>> ---------------------------------------------------------------------- >>> >>> Trimmed to the one outstanding point from my original DISCUSS: >>> >>> I do not think item #5 in Section 6.1.2 belongs in this document. I don't >>> see >>> how it is within scope for the IETF to be specifying these sorts of best >>> practices, which are not technical or operational in nature but focus on >>> legal >>> matters and likely require the involvement of lots of lawyers in order to >>> get >>> the provisions written. This section implies that the DROP documents would >>> become legal/compliance documents by nature, which may or may not be a good >>> choice but is not within the remit of the IETF to specify. Also, I think >>> what >>> this section asks for is not the norm today and therefore it seems odd for >>> the >>> IETF to specify a best practice that operators may not have any chance of >>> being >>> able to comply with (e.g., listing specific law enforcement agencies, >>> privacy >>> laws, or countries where data centers will reside and the data will never >>> move >>> from them). >> >> After discussion amongst the authors, we are very keen to at least retain a >> placeholder within the DROP statement so that readers can easily access any >> complimentary documents that do deal with such matters. We would like to >> propose replacing item 5 with the following text: >> >> “5. Data Processing. This section can optionally communicate links to and >> the high level contents of any separate statements the operator has >> published which cover applicable data processing legislation or agreements >> with regard to the location(s) of service provision. " >> > > So, the intent is to specify a place for providers to make optional > statements relevant to their operations, correct? If so, that seems > reasonable to me. > > Alissa?
WFM. Thanks! Alissa > > I would suggest making sure the example in the Appendix aligns with this > change. > > Regards, > Brian > _______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
