To:
"'Bill Manning'" <bmanning@isi.edu>
Cc:
ietf-provreg@cafax.se
From:
"Hollenbeck, Scott" <shollenbeck@verisign.com>
Date:
Mon, 19 Feb 2001 16:44:43 -0500
Sender:
owner-ietf-provreg@cafax.se
Subject:
RE: grrp-reqs-06, 11. Security Considerations [3]
Agreed -- are you suggesting another rewording of [3] or a new requirement [4]: [4] Some of the social information exchanged between a registrar and registry MAY be REQUIRED for proper generation of zone files. Information REQUIRED for proper generation of zone files is subject to public disclosure. I don't have a problem with moving text like this and [3] out of the Security Considerations section since it does have more to do with use of collected data (as Eric noted) than protocol security. How about adding section 8.4 for Data Collection and Disclosure Requirements? I know Eric asked for a Data Collection Considerations section, but section 8 exists to capture requirements that don't have an explicit fit anywhere else. Why not put them here? <Scott/> -----Original Message----- From: Bill Manning [mailto:bmanning@ISI.EDU] Sent: Monday, February 19, 2001 2:57 PM To: shollenbeck@verisign.com Cc: ietf-provreg@cafax.se Subject: Re: grrp-reqs-06, 11. Security Considerations [3] from the archive: [3] Some of the social information exchanged between a registrar and registry can be considered personal, private, or otherwise restricted from public disclosure. Disclosure of such information MAY be restricted by laws and/or business practices. A generic protocol MUST provide services to identify social information that is subject to disclosure restrictions levied by laws and/or business practices. ----------------------------------------------------------- Very good. However, some of the social information may be REQUIRED for proper generation of zone files. Where this information is required, it is subject to public disclosure.