To:
Rick Wesson <wessorh@ar.com>
cc:
Patrik Fältström <paf@cisco.com>, Edward Lewis <edlewis@arin.net>, "'ietf-provreg@cafax.se'" <ietf-provreg@cafax.se>, iesg@ietf.org
From:
Allison Mankin <mankin@psg.com>
Date:
Wed, 08 Jan 2003 19:37:02 -0800
In-Reply-To:
Message from Rick Wesson <wessorh@ar.com> of "Wed, 08 Jan 2003 09:35:27 PST." <Pine.LNX.4.33.0301080927490.26631-100000@flash.ar.com>
Sender:
owner-ietf-provreg@cafax.se
Subject:
Re: privacy
Rick, We are just trying ensure that a basic privacy can be implemented on the fields. Like what we have done for years in IETF with security: mandatory-to-implement baseline, with the customized stuff in extensions. There are a number of other efforts on privacy in IETF working groups and at large - this is not the only place nor the only way that a group has been asked to make mandatory-to-implement privacy. Geopriv is an entire working group for that. I know, as its co-chair, how hard the problem is. Allison > > Patrik, > > > What IESG want is _some_ mandatory to implement mechanism which makes > > it possible for the registrar to say to the registry "Do not disclose > > this attribute to a third party". If the wg want to have the mandatory > > to implement mechanism more powerful than that, fine. What is not ok is > > the protocol not having any mandatory to implement privacy mechanism in > > it, only extensions. > > The issue that some folks have with and IESG mandatory to implement > privacy capability in the prov-reg domain registration context is that > addressing privacy just in epp is not a solution. Addressing privacy in > epp also requires addressing it in the publishing protocols. > > privacy is a thick issues and I've not seen/herd one prov-reg participant > stand up and say "we understand privacy and here is what should happen" > What we do see on the list and in the meetings is that we are not the > people who should develop a privacy context and we don't know how to do > it. > > we have asked for additional direction and get a responses that are obtuse > and confusing. Everyone appears to agree that privacy is a more complex > issue than the IESG is willing to accept and that provreg may not be the > place to define such capabilities. > > I request that you consider that this working group may not be capable of > addressing the problem and appreciate your thoughts on the next step if > this proves to be true. > > -rick > >