Jim, A suggestion for Section 7 (Security Considerations) to delete the sentence:
The Verification Service Provider (VSP) MUST store the verification data in compliance with the applicable privacy laws and regulations. The rationale for this is that IETF RFCs (and I-Ds) are always subordinate to laws/regulations. Therefore, it’s not necessary to state or call out that compliance is required. And doing so would be unusual for an RFC. Credit for pointing this out goes to Amelia Andersdotter from Article19, who, in a helpful conversation we had today, also pointed out that this sentence, which was added recently after receipt of the human rights review, was not directly tied to a particular point of feedback point. Rick Rick Wilhelm Verisign, VP Platform Mgmt [email protected]<mailto:[email protected]> office: 703-948-4289 mobile: 571-418-9505
_______________________________________________ regext mailing list [email protected] https://www.ietf.org/mailman/listinfo/regext
