On Tue, Jan 14, 2014 at 4:45 PM, Fred Baker (fred) <[email protected]> wrote:
> So the question in the shepherd's report should not be "tell me you thought
> about the EU Data Retention Initiative and whether your protocol's data
> identifies an individual". It should be "what personal, equipment, or session
> identifiers, encrypted or otherwise, are carried in your protocol? How might
> they be correlated with offline data or otherwise used to infer the identity
> or behavior of an individual?"

The main problem is that privacy issues are deeper than that, the question could be misunderstood without a larger context, and there's already a set of documents discussing most of that larger context (RFC 6973, the perpass problem statement draft, etc.).

The Document Shepherd Write-Up currently doesn't reference security guidelines directly. Instead of asking a few specific questions in the shepherd's writeup as you suggest, consider adding the privacy/perpass docs to BCP 72 (which already includes RFC 3552) as they are approved, and then optionally add a question to the shepherd's writeup that refers to it, in order to emphasize the increased attention to the issue.

Scott

_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
