To:
shollenbeck@verisign.com (Hollenbeck, Scott)
Cc:
ietf-provreg@cafax.se
From:
Bill Manning <bmanning@isi.edu>
Date:
Mon, 19 Feb 2001 11:56:33 -0800 (PST)
In-Reply-To:
<DF737E620579D411A8E400D0B77E671D750668@regdom-ex01.prod.netsol.com> from "Hollenbeck, Scott" at Feb 19, 2001 12:35:54 PM
Sender:
owner-ietf-provreg@cafax.se
Subject:
Re: grrp-reqs-06, 11. Security Considerations [3]
from the archive: [3] Some of the social information exchanged between a registrar and registry can be considered personal, private, or otherwise restricted from public disclosure. Disclosure of such information MAY be restricted by laws and/or business practices. A generic protocol MUST provide services to identify social information that is subject to disclosure restrictions levied by laws and/or business practices. ----------------------------------------------------------- Very good. However, some of the social information may be REQUIRED for proper generation of zone files. Where this information is required, it is subject to public disclosure. % % Indeed, and that's why I suggested a rewording last week to make the intent % more explicit: % % http://www.cafax.se/ietf-provreg/maillist/2001-02/msg00169.html % % <Scott/> % % -----Original Message----- % From: Bill Manning [mailto:bmanning@ISI.EDU] % Sent: Monday, February 19, 2001 11:46 AM % To: shollenbeck@verisign.com % Cc: bmanning@ISI.EDU; ietf-provreg@cafax.se % Subject: Re: grrp-reqs-06, 11. Security Considerations [3] % % % Yup. I re-read it. % I'm concerned that depending on venue, the level of information % required changes. DNS baseline vs DNS-TSIG, vs DNS-SIG/KEY % not counting the goofy CERT rr injections for PGP/SSH key % distribution % will all change the amount of data that will need to be maintained. % % % % % % % Bill, % % % % Have a read of the definitions section ("Thick Registry" specifically), % % where it describes "technical information" as "information needed to % produce % % zone files". % % % % <Scott/> % % % % -----Original Message----- % % From: Bill Manning [mailto:bmanning@ISI.EDU] % % Sent: Friday, February 16, 2001 10:27 AM % % To: shollenbeck@verisign.com % % Cc: ietf-provreg@cafax.se % % Subject: Re: grrp-reqs-06, 11. Security Considerations [3] % % % % % % % % % % Eric, % % % % % % The intention of requirement 11-[3] isn't to document that "a mechanism % % % exists to to distinguish technical from social information", it's % intended % % % to note that disclosure of non-technical information may be subject to % % % restrictions and the protocol needs to provide a way to identify % % information % % % that is subject to disclosure restrictions. This was added at the % request % % % of Karl Auerbach. % % % % What is the distinction between "technical" and "non-technical"? % % Are these definitions immutatble within/between juristictions? % % Will they withstand legal review? % % In which venues? % % % % --bill % -- --bill