On 09/21/2013 06:55 AM, SM wrote: > Hello, > At 09:34 20-09-2013, Stephen Farrell wrote: >> FYI. Comments welcome, > > I read draft-cooper-ietf-privacy-requirements-00 quickly. > > From Section 3: > > "standards-track IETF protocols that involve transmission of personal > data" > > The above only covers sending personal data. I commented about a draft > previously [1]. The Gen-ART review [2] mentioned that: > > "Misuse of this specification and many others could harm privacy, > but that shouldn't necessarily dissuade us from publishing this draft." > > The SecDir review didn't consider privacy as a security concern [3]. > > Would draft-cooper-ietf-privacy-requirements-00 be applicable for the > above case?
Assuming we get IETF consensus for our proposal, then yes I think it would cover that case since the personal data concerned is designed to be transmitted in the DNS protocol. Since there's currently no way to provide confidentiality for DNS (a fine thing to think about), then for draft-jabley it would come down to whether the IETF would have consensus to ignore the BCP in that case. I guess this proposed BCP would in such cases move the burden of proof somewhat from those saying "stop, be more privacy friendly" to those proposing the new protocol. And I think that'd be a good change. S. > > Regards, > -sm > > 1. http://www.ietf.org/mail-archive/web/ietf/current/msg79722.html > 2. http://www.ietf.org/mail-archive/web/ietf/current/msg79959.html > 3. http://www.ietf.org/mail-archive/web/secdir/current/msg04083.html > > _______________________________________________ ietf-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf-privacy
