> On Oct 24, 2018, at 8:50 PM, Linlin Zhou <[email protected]> wrote:
>
> Dear Ben,
> Maybe I did not make this item clarified. I'd like to have some more explanations. You are right that the EPP organization object may have a <contact> element, but this is not a required information. There may be some possibilities as follows,
> 1. If the organizations do not want to provide this information to protect the privacy, the <contact> could be empty.
> 2. If the organizations have no issues on the privacy, they can input the contact identifier created according to RFC5733.
>    a. In RFC5733, required info including contact id, contact name, city, country code, email and authentication info.
>    b. Optional info including contact organization, street, state or province, postal code, voice, fax and disclose elements choices.
> "Authorization information is REQUIRED to create a contact object. .......Both client and server MUST ensure that authorization information is stored and exchanged with high-grade encryption mechanisms to provide privacy services." was specified in RFC5733.
>
> The organization object may have personally identifiable information, such as <org:contact>. This information is not a required element in this document which can be provided on a voluntary basis. If it is provided, both client and server MUST ensure that authorization information is stored and exchanged with high-grade encryption mechanisms to provide privacy services, which is specified in RFC5733.

Hi,

Your last paragraph above is the sort of thing I had in mind. It would be helpful to include it in the draft. I

Thanks!

Ben.

>
> Regards,
> Linlin
> Linlin Zhou
>
> From: Ben Campbell <mailto:[email protected]>
> Date: 2018-10-25 01:32
> To: Linlin Zhou <mailto:[email protected]>
> CC: iesg <mailto:[email protected]>; regext-chairs <mailto:[email protected]>; Pieter Vandepitte <mailto:[email protected]>; draft-ietf-regext-org <mailto:[email protected]>; regext <mailto:[email protected]>
> Subject: Re: [regext] Ben Campbell's No Objection on draft-ietf-regext-org-11: (with COMMENT)
>
> Thanks for your response. It all looks good, except for one item below:
>
> Thanks!
>
> Ben.
>
>> On Oct 24, 2018, at 5:05 AM, Linlin Zhou <[email protected] <mailto:[email protected]>> wrote:
>>
>
> [...]
>
>>
>> §9: The org element can contain contact information, possibly including personally identifiable information of individuals. Doesn’t this have privacy implications that should be discussed here or in a privacy considerations section?
>> [Linlin] This document is an object extension of EPP that follows all the security requirements for EPP. We do not hope to add any more secure considerations in this document. So this element can be "zero" if you do not like to provide.
>>
>
> I don’t understand how your answer addresses my question. As far as I can tell, this document creates a new object that can contain personally identifiable information (PII). Is that incorrect?
>
> Is there text in EPP that already talks about PII that can be cited?
>
>
> [...]

_______________________________________________
regext mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/regext
