To:
Randy Bush <randy@psg.com>
Cc:
"Paul M. Kane" <Paul.Kane@REACTO.com>, ietf-provreg@cafax.se, iesg@ietf.org
From:
Joe Abley <jabley@isc.org>
Date:
Thu, 9 Jan 2003 07:32:41 -0500
In-Reply-To:
<E18Wb5k-000POh-00@rip.psg.com>
Sender:
owner-ietf-provreg@cafax.se
Subject:
Re: privacy
On Thursday, Jan 9, 2003, at 06:43 Canada/Eastern, Randy Bush wrote: >> IMHO the spec should contain the basic parameters then each registry >> can >> extend to accomodate the applicable policy >> (_laws_of_the_jurisdiction) >> ..... which probably means that Registars, if they want to trade in >> the >> jurisdiciton will have to adjust their interfaces (C2Rr and Rr2Ry) >> accordingly. >> The effect will be that gTLD Registries (as ccTLD registries have to >> do >> already) must respect national operating conditions if they want >> customers from that nation.... but such is politics not technology > > in idle moments, i am trying to understand the mechanisms and > poilicy useful/needed by a swedish registrant, using a registrar > located in brasil, to register in a domain which has its registry > in say american or new zealand juristiction. and, of course, the > registrant has personal preferences, "don't publish my fax number." Does it seem that a simple, boolean "do not disclose" flag on each field is sufficient to accommodate the privacy requirements of that scenario? Or is there a chance that data might be disclosable to different parties in different ways, based (for example) on geography or legal jurisdiction? If there is no chance of that, then the dnd attribute proposal might be a fine framework to put in place. The question does not seem a naturally trivial one, however, since it encompasses all existing (and all future) privacy policy in every jurisdiction that might now (or ever) be home to a person with internet access. Joe