RE: grrp-reqs-06, 11. Security Considerations [3]

["Hollenbeck, Scott" <shollenbeck@verisign.com>]

Agreed -- are you suggesting another rewording of [3] or a new requirement
[4]:

[4] Some of the social information exchanged between a registrar and
registry MAY be REQUIRED
for proper generation of zone files.  Information REQUIRED for proper
generation of zone files is subject to public disclosure.

I don't have a problem with moving text like this and [3] out of the
Security Considerations section since it does have more to do with use of
collected data (as Eric noted) than protocol security.  How about adding
section 8.4 for Data Collection and Disclosure Requirements?  I know Eric
asked for a Data Collection Considerations section, but section 8 exists to
capture requirements that don't have an explicit fit anywhere else.  Why not
put them here?

<Scott/> 

-----Original Message-----
From: Bill Manning [mailto:bmanning@ISI.EDU]
Sent: Monday, February 19, 2001 2:57 PM
To: shollenbeck@verisign.com
Cc: ietf-provreg@cafax.se
Subject: Re: grrp-reqs-06, 11. Security Considerations [3]


from the archive:


[3] Some of the social information exchanged between a registrar and
registry can be considered personal, private, or otherwise restricted from
public disclosure.  Disclosure of such information MAY be restricted by laws
and/or business practices.  A generic protocol MUST provide services to
identify social information that is subject to disclosure restrictions
levied by laws and/or business practices.

	-----------------------------------------------------------

Very good.  However, some of the social information may be REQUIRED
for proper generation of zone files. Where this information is required,
it is subject to public disclosure.