To:
Vittorio Bertola <vb@bertola.eu.org>
Cc:
Edward Lewis <edlewis@arin.net>, ietf-provreg@cafax.se
From:
Edward Lewis <edlewis@arin.net>
Date:
Thu, 23 Jan 2003 11:06:16 -0500
In-Reply-To:
<8rdv2vsa9h5qkn41icm3d89m6eeis67rna@4ax.com>
Sender:
owner-ietf-provreg@cafax.se
Subject:
Re: [ietf-provreg] where are we with privacy
At 10:42 +0100 1/23/03, Vittorio Bertola wrote: >The purpose of my message was exactly to give my opinion on these >three points: why there is the need to include mechanisms to specify >privacy level in the protocol, why they should be in the base protocol >rather than in extensions, and what a reasonable level of "generic >privacy" is. > >Of course that was just my opinion, supported by my personal >experience. But it was an attempt to give you real life requirements >that the service should be able to support. You'll never be sure that >those requirements cover all possible needs for privacy specification, >but you can be sure that at least those ones are necessary for whoever >operates in Europe. (The EU law applies to any data processing >happening in the EU, so it applies both to EU registries and to EU >registrars.) Your message was quite helpful. I did just get around to reading it myself. (I seem to habitually exhibit a 1 week delay.) Your message put a more concrete spin on the problem to solve. Not having access to an ICANN contract myself (nor much understanding nor patience for contract law), my understanding is that ICANN requires public distribution of (some/all) data from registries. ICANN has discussed data escrow to backup failed elements of the shared registry system, I don't know if that is required - and if that enters into privacy concerns. ICANN requires the use of a standard protocol to make the shared registry system work (which is where we come in). Does the situation above mean that there may be a conflict between European privacy law and the contracts for the gTLDs? >>4) The proposed "doNotDisclose" mechanism seems to work with some >>environments, but the wording/name of it is a bit ambiguous. > >Then let's find a better wording :-) That's certainly one approach. In a private email to someone else I suggested as much, i.e., I agree with you. >>5) We aren't willing to research the privacy topic within this WG. > >But, IMHO, you can't write a good technical spec if you're not willing >to research and address all the related topics. I fear we can't pick >just the parts of the job we like. This isn't a matter of whether or not we want to tackle a particular work item but a reflection on the scope of the IETF work. The IETF is positioned to solve concrete problems. The structure of the IETF leads it to behave poorly when the problem is abstract, lacking a good measure of success to identify when the problem is solved. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis +1-703-227-9854 ARIN Research Engineer