On 01 Mar 2013, at 01:22:12, SM wrote: > At 15:56 26-02-2013, Eric Burger wrote: >> So what if we just said Security Considerations must include what some >> people call privacy considerations? If we cannot agree on a concise >> definition of security vs. privacy, what is the typical draft author going >> to do? > > Security Considerations can be stuff like "MUST implement TLS". Privacy > considerations would be about the decision of an individual.
Framing privacy as "decision-making" is useful when dealing with privacy settings/policies and user interfaces -- this is actually a usual definition of privacy in HCI (see, eg, the work from Cranor or Acquisti on feedback and awareness, privacy nudges, etc.). I would however think that it is too restrictive (and potentially misleading) when addressing privacy considerations more generally, and particularly in protocols that the individual does not necessarily understand in detail. Best Claudia _______________________________________________ ietf-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf-privacy
