IETF provreg mailing list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: "'Edward Lewis'" <edlewis@arin.net>, Eric Brunner-Williams in Portland Maine <brunner@nic-naa.net>
Cc: "'ietf-provreg@cafax.se'" <ietf-provreg@cafax.se>
From: "Hollenbeck, Scott" <shollenbeck@verisign.com>
Date: Thu, 13 Feb 2003 09:56:54 -0500
Sender: owner-ietf-provreg@cafax.se
Subject: RE: [ietf-provreg] FYI: EPP implementation by the Polish registry

> This is a good request.  This is one of the missing pieces of the 
> converstation.
> 
> At 11:02 -0500 2/11/03, Eric Brunner-Williams in Portland Maine wrote:
> >>  The WG should note that implementers of real-world 
> privacy policies are
> >>  finding it necessary to add a "do not disclose" element.
> >
> >Could someone, possibly an implementor, comment on the 
> design choice that
> >did not utilize the <dcp> element, and disclose its 
> deficiencies? I can
> >guess, but it would be nice to hear from someone else who 
> considered it
> >and found it failed to meet a requirement.

Is Eric's request behind a thought that we are considering either the
current DCP functionality, or the "do not disclose"-proposed functionality,
but not both?  I can easily see a need for both:

- in some environments, it might be OK for the server operator to say "this
is what I will/might do with data, and if you as data originator give me
data you are agreeing to my policy".  We have this in the protocol right now
with the <dcp> element.

- in other environments, it might be OK for the data owner to say "this is
what I will allow you as server operator to do with the data I share with
you".  I thought some of the European contributors have said this sort of
functionality is required under recent European privacy laws.  This is
something we don't currently have in the protocol.

I'm not sure that this is a "pick one or the other" situation, but I'm also
interested in implementer perspectives.  If you're not publishing a data
collection policy, is there any specific issue that's driving that decision?

I haven't decided what makes sense for the .com and .net registry yet, but
other people who are using EPP in domain registry operations must have been
through a decision process.  Come on, people, please let us know what you're
doing with respect to privacy and data collection and why you're doing it!
We need some real data points to help close the discussion with the IESG.

-Scott-

Follow-Ups:
- Re: [ietf-provreg] FYI: EPP implementation by the Polish registry
  - From: "Ram Mohan" <rmohan@afilias.info>
- Re: [ietf-provreg] FYI: EPP implementation by the Polish registry
  - From: Eric Brunner-Williams in Portland Maine <brunner@nic-naa.net>

Prev by Date: Re: [ietf-provreg] FYI: EPP implementation by the Polish registry
Next by Date: [ietf-provreg] Is it "social" or is it "model" or is it "mechanism"?
Prev by thread: RE: [ietf-provreg] FYI: EPP implementation by the Polish registry
Next by thread: Re: [ietf-provreg] FYI: EPP implementation by the Polish registry
Index(es):
- Date
- Thread

Home | Date list | Subject list