I'm happy with the changes in the -12 draft.

Thanks
Brian Carpenter

On 21/03/2013 00:59, Paul E. Jones wrote:
> Brian,
>
>> Major Issues:
>> -------------
>>
>> There is no explicit discussion of privacy in the draft, which seems to
>> me to carry evident privacy risks. For example, imagine an ISP that
>> kindly decides to support webfinger for all customers by default,
>> and preloads personally identifiable information without consent.
>
> Barry commented on this indicating it is there. Per Dave's advice, I think
> we should make it clearer with subsections in the security section.
>
>> There is some relevant text in the Security Considerations:
>>
>>    Further, WebFinger MUST NOT be used to provide any personal
>>    information to any party unless explicitly or implicitly authorized
>>    by the person whose information is being shared.
>>
>> However, the weakness there is the words "or implicitly". IANAL, but it
>> seems highly likely that would be illegal in the European Union, at least.
>
> I have no strong preference on this, but "implicit" was asked by some, since
> (as an example), your information might be shared via WebFinger inside a
> company for company use.
>
>> Has the draft been validated against the guidelines in
>> draft-iab-privacy-considerations?
>
> I have not, but Alissa was asked to weigh in (and she did). I trust she
> provided recommendations. (I've not gotten that far down the stack, yet.)
>
> Paul
