To:
shollenbeck@verisign.com (Hollenbeck, Scott)
Cc:
ietf-provreg@cafax.se
From:
Bill Manning <bmanning@isi.edu>
Date:
Mon, 19 Feb 2001 11:56:33 -0800 (PST)
In-Reply-To:
<DF737E620579D411A8E400D0B77E671D750668@regdom-ex01.prod.netsol.com> from "Hollenbeck, Scott" at Feb 19, 2001 12:35:54 PM
Sender:
owner-ietf-provreg@cafax.se
Subject:
Re: grrp-reqs-06, 11. Security Considerations [3]
from the archive:
[3] Some of the social information exchanged between a registrar and
registry can be considered personal, private, or otherwise restricted from
public disclosure. Disclosure of such information MAY be restricted by laws
and/or business practices. A generic protocol MUST provide services to
identify social information that is subject to disclosure restrictions
levied by laws and/or business practices.
-----------------------------------------------------------
Very good. However, some of the social information may be REQUIRED
for proper generation of zone files. Where this information is required,
it is subject to public disclosure.
%
% Indeed, and that's why I suggested a rewording last week to make the intent
% more explicit:
%
% http://www.cafax.se/ietf-provreg/maillist/2001-02/msg00169.html
%
% <Scott/>
%
% -----Original Message-----
% From: Bill Manning [mailto:bmanning@ISI.EDU]
% Sent: Monday, February 19, 2001 11:46 AM
% To: shollenbeck@verisign.com
% Cc: bmanning@ISI.EDU; ietf-provreg@cafax.se
% Subject: Re: grrp-reqs-06, 11. Security Considerations [3]
%
%
% Yup. I re-read it.
% I'm concerned that depending on venue, the level of information
% required changes. DNS baseline vs DNS-TSIG, vs DNS-SIG/KEY
% not counting the goofy CERT rr injections for PGP/SSH key
% distribution
% will all change the amount of data that will need to be maintained.
%
%
%
% %
% % Bill,
% %
% % Have a read of the definitions section ("Thick Registry" specifically),
% % where it describes "technical information" as "information needed to
% produce
% % zone files".
% %
% % <Scott/>
% %
% % -----Original Message-----
% % From: Bill Manning [mailto:bmanning@ISI.EDU]
% % Sent: Friday, February 16, 2001 10:27 AM
% % To: shollenbeck@verisign.com
% % Cc: ietf-provreg@cafax.se
% % Subject: Re: grrp-reqs-06, 11. Security Considerations [3]
% %
% %
% % %
% % % Eric,
% % %
% % % The intention of requirement 11-[3] isn't to document that "a mechanism
% % % exists to to distinguish technical from social information", it's
% intended
% % % to note that disclosure of non-technical information may be subject to
% % % restrictions and the protocol needs to provide a way to identify
% % information
% % % that is subject to disclosure restrictions. This was added at the
% request
% % % of Karl Auerbach.
% %
% % What is the distinction between "technical" and "non-technical"?
% % Are these definitions immutatble within/between juristictions?
% % Will they withstand legal review?
% % In which venues?
% %
% % --bill
%
--
--bill