Rick, That sentence was added in draft-ietf-regext-verificationcode-04 to address Gurshabad’s feedback and can be deleted in draft-ietf-regext-verificationcode-05. Gurshabad, do you agree with this change?
Thanks, — JG [cid:[email protected]] James Gould Distinguished Engineer [email protected] 703-948-3271 12061 Bluemont Way Reston, VA 20190 Verisign.com<http://verisigninc.com/> From: regext <[email protected]> on behalf of "Wilhelm, Richard" <[email protected]> Date: Wednesday, November 7, 2018 at 6:17 PM To: "[email protected]" <[email protected]> Subject: [EXTERNAL] [regext] edit for Section 7 Jim, A suggestion for Section 7 (Security Considerations) to delete the sentence: The Verification Service Provider (VSP) MUST store the verification data in compliance with the applicable privacy laws and regulations. The rationale for this is that IETF RFCs (and I-Ds) are always subordinate to laws/regulations. Therefore, it’s not necessary to state or call out that compliance is required. And doing so would be unusual for an RFC. Credit for pointing this out goes to Amelia Andersdotter from Article19, who, in a helpful conversation we had today, also pointed out that this sentence, which was added recently after receipt of the human rights review, was not directly tied to a particular point of feedback point. Rick Rick Wilhelm Verisign, VP Platform Mgmt [email protected]<mailto:[email protected]> office: 703-948-4289 mobile: 571-418-9505
_______________________________________________ regext mailing list [email protected] https://www.ietf.org/mailman/listinfo/regext
