Hi SM, nice writeup.
A few comments: * You cite RFC 3365 with regard to what privacy means. RFC 3365 has a very limited view on that topic. * PII and personal data: In http://tools.ietf.org/html/draft-iab-privacy-considerations-03 we try to use the term "personal data" and define it as 'Any information relating to an identified individual or an individual who can be identified, directly or indirectly.' We did that to avoid having refer to back to some laws where the interpretation changes from context to context and also over time. * Section 3 and 4: I guess that these two sections have the goal to point out that these identifiers may, depending on the context, allow individuals to be identified. * Section 5: The right amount of information I believe what this section should say is that there are situations where one would like to provided information to the recipient so that a response can be provided and in other cases that's not desired. For example, in today's telephone system you can hide your phone number. Similarly, in SIP there are ways to prevent all information to reach the recipient. So, the question isn't really about all or nothing but it is about the ability for the user to decide about the context when they want to reveal information and when they don't. There is no doubt that it is difficult to decide about the right amount of information disclosure. But should this be the justification to always reveal everything? I agree that there is an asymmetry of power between the user and the entity offering services (which makes the situation worse). Ciao Hannes On Sep 3, 2012, at 2:18 AM, S Moonesamy wrote: > Hello, > > I would appreciate some feedback about draft-moonesamy-privacy-identifiers-00. > > Abstract: > The Internet provides the ability for information to be spread beyond > geographical boundaries at the speed of light. Once information is > available over the Internet it leaves the private realm. If the > information can be used to identify a person it can affect the > privacy of the individual. There are cases when it can increase the > physical risk to the individual or where it can have a negative > financial impact. Some types of information can be an embarassment > to an individual and negatively affect the person's reputation. > > This document discusses about whether Internet Identifiers and > Session Identifiers can be information about an individual and > whether consent is necessary. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-moonesamy-privacy-identifiers > > Regards, > S. Moonesamy > > _______________________________________________ > ietf-privacy mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/ietf-privacy _______________________________________________ ietf-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf-privacy
