On Wed, Nov 2, 2016 at 9:13 AM, Stephen Farrell
<[email protected]> wrote:
>
>
> On 02/11/16 15:57, Jeremy Rowley wrote:
>> Here's what we are dealing with on this front:
>>
>> The EU has a right to be forgotten which requires a data controller
>> to remove data that is no longer necessary or irrelevant for the
>> original purposes for which the data was collected. Primarily, courts
>> have interpreted this as requiring a search engine to remove
>> information about a person at that individual’s request. This has
>> caused considerable headaches for Google.
>>
>> CT monitors are likely considered a search engine that identifies
>> certificates with personal information included. However, CT, by
>> design, cannot delete information from logs and any deletion will
>> cause the log to fail. This puts CT at odds with EU privacy laws as
>> certificate subjects often contain individual information, email
>> addresses specified in the SANs, and SAN DNS entries that identify
>> an individual (albeit this is a stretch).
>>
>> I'm having trouble reconciling how a monitoring service/log operator
>> is supposed to comply with the EU requirements without supporting
>> redaction.
>
> What makes you think redaction would help? If anything from the
> entry in the log correlates with the cert then some wacky court
> could decide who knows what... Particularly with stuff like that
> so-called right to be forgotten, I'm not clear that we can plan
> ahead and guess what courts might or might not decide. (And IANAL
> of course:-)

Stephen,

We don't need to plan for all eventualities, but I think it is
reasonable to plan for cases that are predictable.

Consider the following specific case:

An individual ("Alex Bauer" as an example) who is a German citizen and
resident registers a domain name (contosoedumakation.de) and gets a
certificate with GN=Alex,SN=Bauer in the subject and
www.contosoedumakation.de as a dNSName type Subject Alternative Name.
The certificate has a validity period of 90 days. Alex sells that
domain name to someone else and ceases to have any involvement with
the domain or new registrant. A year later, the new registrant sells
it to someone else who starts to use it to host various content that
Alex wants no association with.

Alex files a request to remove any information associating Alex Bauer
with contosoedumakation.de. What does a CT log operator do?

Thanks,
Peter
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
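
Why deleting or rewriting an entry makes a log fail, as an added example that is not part of the original thread: it computes the RFC 6962 Merkle Tree Hash over a small log and checks three later states of that log against a tree head that monitors already hold. The log entries are constructed sample byte strings (real leaves are MerkleTreeLeaf structures), and `matches_sth` and `scenarios` are hypothetical helper names.

```python
import hashlib

def _h(data):
    return hashlib.sha256(data).digest()

def _split(n):
    """Largest power of two strictly less than n (RFC 6962 section 2.1)."""
    k = 1
    while k * 2 < n:
        k *= 2
    return k

def merkle_root(entries):
    """RFC 6962 Merkle Tree Hash: 0x00 prefix for leaves, 0x01 for nodes."""
    if not entries:
        return _h(b"")
    if len(entries) == 1:
        return _h(b"\x00" + entries[0])
    k = _split(len(entries))
    return _h(b"\x01" + merkle_root(entries[:k]) + merkle_root(entries[k:]))

def matches_sth(entries, sth_size, sth_root):
    """True if the log's first sth_size entries still hash to the signed root."""
    return len(entries) >= sth_size and merkle_root(entries[:sth_size]) == sth_root

# Constructed sample log; entry 2 stands in for the certificate in the thread.
LOG = [
    b"cert-0:CN=a.example",
    b"cert-1:CN=b.example",
    b"cert-2:GN=Alex,SN=Bauer,dNSName=www.contosoedumakation.de",
    b"cert-3:CN=c.example",
    b"cert-4:CN=d.example",
]
# Tree size and root from a signed tree head that monitors fetched earlier.
STH_SIZE, STH_ROOT = len(LOG), merkle_root(LOG)

def scenarios():
    """Later log states, each checked against the earlier tree head."""
    new = b"cert-5:CN=e.example"
    states = {
        "appended": LOG + [new],                         # normal operation
        "deleted": LOG[:2] + LOG[3:] + [new],            # entry 2 removed
        "rewritten": LOG[:2] + [b"cert-2:REMOVED"] + LOG[3:],  # entry 2 altered in place
    }
    return {name: matches_sth(log, STH_SIZE, STH_ROOT) for name, log in states.items()}

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:9s} consistent with earlier tree head: {ok}")
```

Only the append-only state still matches the earlier root; any monitor that kept that tree head can show the other two logs changed history.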