CRLs don't contain PII. It's just a serial number and status code. That's a big difference from email addresses, names, locations, etc.

-----Original Message-----
From: Stephen Farrell [mailto:[email protected]]
Sent: Wednesday, November 2, 2016 10:50 AM
To: Jeremy Rowley <[email protected]>; Peter Bowen <[email protected]>; Melinda Shore <[email protected]>
Cc: [email protected]
Subject: Re: [Trans] Topicality

On 02/11/16 16:20, Jeremy Rowley wrote:
> Wacky court decisions are always a risk. However, the EU has
> established that data collectors must delete public facing personal
> information at the information holder's request.

I don't believe "delete" is right there - search engines gave different results when queried in different ways or from different places and the underlying sources (e.g. newspaper articles) weren't affected directly IIUC. While that is an evolving situation I'm not sure we can safely conclude what any of it might mean for CT. (Or for CRLs I guess if we want to get into speculation;-)

S

> There's a big
> difference between planning for unknown legal changes and accounting
> for decisions already made. By requiring logging of PII, we're
> essentially asking logs to fail on a regular basis. Although
> redaction of subject info doesn't guarantee a log won't fail because
> of a right to be forgotten request, it does move logs in the
> direction of compliance.
>
> Jeremy
>
> -----Original Message-----
> From: Stephen Farrell [mailto:[email protected]]
> Sent: Wednesday, November 2, 2016 10:13 AM
> To: Jeremy Rowley <[email protected]>; Peter Bowen <[email protected]>; Melinda Shore <[email protected]>
> Cc: [email protected]
> Subject: Re: [Trans] Topicality
>
> On 02/11/16 15:57, Jeremy Rowley wrote:
>> Here's what we are dealing with on this front:
>>
>> The EU has a right to be forgotten which requires a data
>> controller to remove data that is no longer necessary or
>> irrelevant for the original purposes for which the data was
>> collected. Primarily, courts have interpreted this as requiring a
>> search engine to remove information about a person at that
>> individual’s request. This has caused considerable headaches for
>> Google.
>>
>> CT monitors are likely considered a search engine that identifies
>> certificates with personal information included. However, CT, by
>> design, cannot delete information from logs and any deletion will
>> cause the log to fail. This puts CT at odds with EU privacy laws
>> as certificate subjects often contain individual information,
>> email addresses specified in the SANs, and SANS DNS entries that
>> identify an individual (albeit this is a stretch).
>>
>> I'm having trouble reconciling how a monitoring service/log
>> operator is supposed to comply with the EU requirements without
>> supporting redaction.
>
> What makes you think redaction would help? If anything from the entry
> in the log correlates with the cert then some wacky court could
> decide who knows what... Particularly with stuff like that so-called
> right to be forgotten, I'm not clear that we can plan ahead and guess
> what courts might or might not decide. (And IANAL of course:-)
>
> S.
>
> PS: As with the rest of this thread, the above is with no hats.
>
>>
>> Jeremy
>>
>>
>> -----Original Message-----
>> From: Trans [mailto:[email protected]] On Behalf Of Stephen Farrell
>> Sent: Monday, October 31, 2016 4:03 PM
>> To: Peter Bowen <[email protected]>; Melinda Shore <[email protected]>
>> Cc: [email protected]
>> Subject: Re: [Trans] Topicality
>>
>>
>> Peter,
>>
>> On 31/10/16 19:01, Peter Bowen wrote:
>>> On Mon, Oct 24, 2016 at 9:37 PM, Melinda Shore
>>> <[email protected]> wrote:
>>>> You may have seen the recent announcement from the Chrome team
>>>> that as of October 2017 certificates will need to comply with
>>>> Chrome's CT policy in order to be trusted. There was also an
>>>> invitation to discuss that on the trans mailing list. This is
>>>> a reminder that mailing list discussions need to remain focused
>>>> on the specifications being produced by the working group -
>>>> that is to say, policies related to individual implementations
>>>> are out of scope for the working group except to the extent
>>>> that they bear on decisions related to our working group
>>>> drafts.
>>>
>>> Paul and Melinda,
>>>
>>> Do you consider discussion of use cases for privacy to be
>>> in-scope for this group or do you consider only the technical
>>> implementation of privacy (e.g. section 4 of 6962-bis and the
>>> redaction draft) to be in-scope?
>>
>> (Wearing no IETF hat, but perhaps the hat of someone interested in
>> privacy...)
>>
>> I do not believe that it makes sense for us to talk as if privacy
>> was a concept that applies to corporate entities.
>>
>> I do believe that your text above conflates privacy (a human
>> concept) with corporate secrecy (a useful but different thing) in
>> ways that are in the end damaging to both. (I further and even
>> more so believe that such conflation would be damaging to the IETF
>> were we to slip into the bad practice of not calling out that
>> terminological sloppiness.)
>>
>> I totally get that redaction has utility for folks who need
>> corporate secrecy on a temporary basis. I absolutely do not accept
>> that that has any privacy aspect.
>>
>> Can you call out the privacy aspect that applies to humans and
>> that is a real part of the question related to support for
>> redaction in CT?
>>
>> Thanks, S.
>>
>>>
>>> Thanks, Peter
>>>
>>> _______________________________________________
>>> Trans mailing list
>>> [email protected]
>>> https://www.ietf.org/mailman/listinfo/trans
