At 09:20 AM 7/25/2012, Stephen Farrell wrote:
2. I wonder if "threats and countermeasures" is the right way
to think about privacy. Perhaps we're inheriting too much from
security there. It might be that it'd be better to consider
the extent to which things (e.g. I-Ds, protocols) are
privacy-friendly or privacy-unfriendly, rather than consider
specific sets of circumstances and good/bad actors to be
"threats to privacy." Put another way, perhaps the correct
form of risk analysis to apply here differs a lot from that
best applied when considering security. I'm not saying I know
for sure, but this struck me strongly when reading this draft.
Changing that might be too much for this document, but is
worth disussion I think.
There was a comment about "natural person". That term is well-known
in legal circles to distinguish between people and entities which may
have the same rights as people. I would say that "risks" is more of
a people issue instead of the usual security issue. Looking at
privacy in terms of threats and counterthreats provides a limited
view of the problem space; e.g. see previous comment about "natural person".
3. Ought we bite the bullet and formulate an unambiguous and
easily understood statement (as a BCP) to the effect that the
IETF wants the Internet to be (more) privacy friendly? We
If we were to look at the "blue sheet" discussion, the answer to the
above would be yes. The "position" on privacy is fuzzy though; what
we choose for ourselves and what we argue for in specifications can be at odds.
Regards,
-sm
_______________________________________________
ietf-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-privacy
