Sorry for the delayed response. I would prefer the use of "confidentiality" instead of "privacy" in the paragraph. That would better align with the definitions in RFC 2828.
Russ On Apr 11, 2011, at 9:42 AM, <[email protected]> <[email protected]> wrote: > Hi Simon, > > Thank you for the update. How about the following which slightly changes > your proposed text: > > o vCards often carry information that can be sensitive (e.g. > birthday, address, and phone information). Although vCards have no > inherent authentication or privacy provisions, they can easily be > carried by > any security mechanism that transfers MIME objects to address > authentication or privacy (e.g. S/MIME [RFC5751], OpenPGP > [RFC4880]). In cases where the privacy or authenticity of > information contained in vCard is a concern, the vCard SHOULD be > transported using one of these secure mechanisms. The KEY > property (Section 6.8.1) can be used to transport the public key > used by these mechanisms. > > Thank you, > Kathleen > > -----Original Message----- > From: Simon Perreault [mailto:[email protected]] > Sent: Monday, April 11, 2011 9:17 AM > To: Moriarty, Kathleen > Cc: [email protected]; [email protected] > Subject: Re: [Gen-art] Gen-ART review of draft-ietf-vcarddav-vcardrev > > On 2011-04-09 08:03, [email protected] wrote: >> The last is not a Gen-ART, but was put >> there for adding considerations to the security section. I just >> meant that it should state that there may be privacy concerns with >> some of the information. I listed the regulations to give examples, >> but not to have them entered into the document. You mention the use >> of encryption for protection against spoofing, it would also be used >> for confidentiality in protecting privacy of the information. > > I misunderstood your previous comment. I understand now. Sorry about > that. How about the following: > > o vCards often carry information that can be sensitive (e.g. > birthday, address, and phone information). Although they have no > inherent authentication or privacy, they can easily be carried by > any security mechanism that transfers MIME objects with > authentication or privacy (e.g. S/MIME [RFC5751], OpenPGP > [RFC4880]). In cases where the privacy or authenticity of > information contained in vCard is a concern, the vCard SHOULD be > transported using one of these secure mechanisms. The KEY > property (Section 6.8.1) can be used to transport the public key > used by these mechanisms. > > Thanks, > Simon > -- > DTN made easy, lean, and smart --> http://postellation.viagenie.ca > NAT64/DNS64 open-source --> http://ecdysis.viagenie.ca > STUN/TURN server --> http://numb.viagenie.ca > > _______________________________________________ > Gen-art mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/gen-art _______________________________________________ Gen-art mailing list [email protected] https://www.ietf.org/mailman/listinfo/gen-art
