Re: privacy

[Allison Mankin <mankin@psg.com>]

Rick,

We are just trying ensure that a basic privacy can be implemented
on the fields.  Like what we have done for years in IETF with
security: mandatory-to-implement baseline, with the customized stuff
in extensions.

There are a number of other efforts on privacy in IETF working groups
and at large - this is not the only place nor the only way that a group
has been asked to make mandatory-to-implement privacy.  Geopriv is an
entire working group for that.   I know, as its co-chair, how hard
the problem is.

Allison

> 
> Patrik,
> 
> > What IESG want is _some_ mandatory to implement mechanism which makes
> > it possible for the registrar to say to the registry "Do not disclose
> > this attribute to a third party". If the wg want to have the mandatory
> > to implement mechanism more powerful than that, fine. What is not ok is
> > the protocol not having any mandatory to implement privacy mechanism in
> > it, only extensions.
> 
> The issue that some folks have with and IESG mandatory to implement
> privacy capability in the prov-reg domain registration context is that
> addressing privacy just in epp is not a solution. Addressing privacy in
> epp also requires addressing it in the publishing protocols.
> 
> privacy is a thick issues and I've not seen/herd one prov-reg participant
> stand up and say "we understand privacy and here is what should happen"
> What we do see on the list and in the meetings is that we are not the
> people who should develop a privacy context and we don't know how to do
> it.
> 
> we have asked for additional direction and get a responses that are obtuse
> and confusing. Everyone appears to agree that privacy is a more complex
> issue than the IESG is willing to accept and that provreg may not be the
> place to define such capabilities.
> 
> I request that you consider that this working group may not be capable of
> addressing the problem and appreciate your thoughts on the next step if
> this proves to be true.
> 
> -rick
> 
>