To: "Hollenbeck, Scott" <firstname.lastname@example.org>
Cc: "'email@example.com'" <firstname.lastname@example.org>
From: Stephane Bortzmeyer <email@example.com>
Date: Tue, 22 Oct 2002 14:09:22 +0200
Subject: Re: "private" Element Attribute
On Mon, Oct 21, 2002 at 10:08:29AM -0400, Hollenbeck, Scott <firstname.lastname@example.org> wrote a message of 42 lines which said: > In the ongoing IESG discussion of our EPP documents, we (Patrik and I) have > come to the conclusion that we might need to add a new attribute to every > object element in the domain, contact, and host mappings. This boolean > attribute, "private", will be used to note that the value of an element > should not be disclosed to third parties. OK, privacy is a touchy subject and a complicated one. I would disagree with such "ultra-simple" proposals that give the impression we do something for privacy-conscious people while we do not really address the full range of the subject. For instance, many people would agree that their coordinates are displayed in reply to a whois query but not that they are included in a bulk transfer of the database to a spammer (ooops, I mean marketer). I suggest instead to rely on a function of EPP: the fact that you can include XML elements which are not in the official schema. For instance, P3P <URL:http://www.w3.org/TR/P3P/> elements could be added in the EPP flow from the registry to the registrar and APPEL elements from the registrar to the registry. That way, we would build on an existing and documented and recognized and quite comprehensive framework (managing its privacy preferences is complicated enough that we do not introduce a new framework).