To:
Eric Brunner-Williams in Portland Maine <brunner@nic-naa.net>
cc:
ietf-provreg@cafax.se
From:
Jaap Akkerhuis <jaap@sidn.nl>
Date:
Mon, 03 Mar 2003 20:13:16 +0100
In-reply-to:
Your message of Mon, 03 Mar 2003 13:52:28 -0500. <200303031852.h23IqStY080228@nic-naa.net>
Sender:
owner-ietf-provreg@cafax.se
Subject:
Re: [ietf-provreg] FYI: EPP implementation by the Polish registry
[Category I participation Category I participation is open
to businesses and institutions based within the European Union.]
Oh that. I thought that it was lifted. But it is still completely
irrelevant for the privacy discussion.
The "us" (parties having the capacity to register domain names on behalf
of clients) for which "the non-disclose attribute will work" appears to
be a scoped set of (eventual) EPP participants. The charter for this WG
is not to create a registry-specific, or regime-specific, or jurisdiction-
specific, or object-specific protocol.
I'm not bringing this up. You are.
How can a registrar signal in-band to a registry that it accepts
the general Data Protection framework, and any specific terms
and conditions?
It doesn't need to. It should first abide to the contract. That is
not-in band.
More generally, how can any two (or more) participants in the
onward-transport of customer data signal in-band their data
collection practices, and automate the management of onward-transport?
That's not question this group has to answer. The only question is,
what is the proper element in the protocol which help to implement
a policy as been spelled out in the legal framework.
jaap