Hi Karl,
[Taking this to ietf-privacy@]
At 11:50 20-09-2013, Karl Malbrain wrote:
"Note that this is contingent on practicality - if some personal data
really has to be sent in clear for a protocol to be able to operate,
and even opportunistic encryption is not possible, then a standards-
track protocol that does not define how to protect that data will be
consistent with this BCP. The IETF will have to decide in such cases
whether standardizing that protocol benefits the Internet or not."
1. Is the value of a personal public key considered "personal
data"? In TLS client authentication, these keys are requested.
I'll plug in my draft (draft-moonesamy-privacy-identifiers-01).
Can the information be used to identify a person? I would say yes.
Is the identifier required for TLS client authentication tow work? I
would say yes.
There are cases where personal data will be sent. I suggest using
Section 6 of the draft to argue why it is not practical to send the
personal data.
Regards,
S. Moonesamy
_______________________________________________
ietf-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-privacy
