On 16/03/2013 17:39, Barry Leiba wrote:
>> Please see attached review.
>
> I'll counter-complain (see below) that you're the only GenART reviewer
> who sends reviews as attachments, and I find it a PitA.

That depends very much on the recipient's UA. Many UAs don't even blink at text/plain. The reason I do it is because the reviews are archived as .txt files so it's a convenience for the archiver.

>> The draft was updated during Last Call, which I thought was not normal
>> practice. This review is of the updated draft, not the one that was Last
>> Called.
>
> I asked the authors to post it, so reviewers would be seeing the
> latest version. Now that we have the datatracker, this really should
> not be a problem, and as a reviewer I appreciate not reviewing a
> version with issues that others have already caught.

I didn't intend that as a complaint, but actually a Last Call is for a specific version, so a reviewer could easily miss an update.

>> There is no explicit discussion of privacy in the draft, which seems to
>> me to carry evident privacy risks. For example, imagine an ISP that
>> kindly decides to support webfinger for all customers by default,
>> and preloads personally identifiable information without consent.
>
> There's quite a bit of discussion in the Security Considerations of
> personal information, revealing a user's current context, and so on.
>
>> There is some relevant text in the Security Considerations:
>
> Indeed.
>
>> However, the weakness there is the words "or implicitly". IANAL, but it
>> seems highly likely that would be illegal in the European Union, at least.
>
> And we are not lawyers either, and deployers in the EU will need to be
> well aware of EU laws. We shouldn't be telling them about those here.

No. But IMHO the draft should dissect that "implicitly" a bit more, to ensure that implementors and operators don't miss its, er, implications.

>> Has the draft been validated against the guidelines in
>> draft-iab-privacy-considerations?
>
> That'd be the document that's not even in the RFC Editor queue yet?

Correct, but it's pretty mature.

> I don't know whether the authors have read that document; perhaps they
> can say. I did ask the authors to alert Alissa to this document, and
> to explicitly ask her to review it.

That would be excellent.

Brian
