[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


To: Eric Brunner-Williams in Portland Maine <brunner@nic-naa.net>
cc: ietf-provreg@cafax.se
From: Jaap Akkerhuis <jaap@sidn.nl>
Date: Tue, 04 Mar 2003 16:31:02 +0100
In-reply-to: Your message of Tue, 04 Mar 2003 07:22:16 -0500. <200303041222.h24CMGtY082995@nic-naa.net>
Sender: owner-ietf-provreg@cafax.se
Subject: Re: [ietf-provreg] FYI: EPP implementation by the Polish registry

    It appears I did read that. I replied with about 60 lines of comment in
    
    http://www.cafax.se/ietf-provreg/maillist/2003-01/msg00062.html
    
    and a one character correction in
    
    http://www.cafax.se/ietf-provreg/maillist/2003-01/msg00063.html
    
    and followed up with 
    
    http://www.cafax.se/ietf-provreg/maillist/2003-01/msg00063.html

Two followups for a charater change.

You said:

    1. Application of the IESG proposal to "technical" data.
    
    The .NL registry defines (hypothetically of course) a dnp==true value for
    one or more elements as an error condition, and presumably returns some
    error code.
    
    Someone, Scott if my memory serves, mentioned a registry which defines a
    dnp==true value for one or more elements as a non-error, and presumably
    returns something other than an error code.
    
    Is using EPP with dcp==true for technical data a good thing? I see it as
    an operation to modify the string-space, with no external manifestation,
    other than error upon query or transform. I can't imagine an application
    to an address registry's operational practices, but I don't have direct
    knowledge of address registry or registrar operational art.

That shows. Note I said, that this was a hypothetical case.
    
    2. Application of the IESG proposal to "social" data at a registry.
    
    The .NL registry anticipates (effective 29 Jan 2003) operating under the
    general framework of a European Union member state's Data Protection Act.
    
    Consistent with the general framework of EU's Data Protection Directives,
    the access, purpose, recipient, and retention are all contractually defined.
    
    This is not generally the case for registries operating outside of the EU,
    nor for registrars and resellers operating outside of the EU.
    
    It would be helpful if the details of data protection between a non-EU
    resident .NL regsitrar and the .NL registry were available, assuming any
    exist.

Note that we do this under dutch law. If registrars and registrations
doesn't want to confirm to that, there is no point in registrting
in .NL.
    
    3. Existance of the PROVREG proposal, in the presence of the IESG proposal.
    
    Would the .NL registry operator use both the session-level <dcp> data, and
    the element-level opt-{in|out} data? If the answer is "no", as I suspect
    it is, then <dcp> use either a) is error, or b) is silently discarded.

No, it is not discarded. Reread. And I din't mentioned both elements
at all.

    If the answer is "yes", which takes precidence in the event of conflict?

    Trying to keep concrete, data originates from a registrant and is collected
    by a US-Reseller, and in turn provisioned to a CA-Registrar, and in turn is
    provisioned to a .EU-Registry. Is the mechanism that provides the guidance
    for operational art at each onward-transport entity out-of-band (contract),
    or is it in-band, and if in-band, did the IESG proposal provide the same
    policy at each collector/onward-transporter as the European Union member
    state's Data Protection Act?
    
    I don't think so.
    
    I could be wrong.
    
    A p|np toggle is fine if purpose/recipient/retention/access are already
    taken care of (the Data Protection case). Where they are not, (OEDC and
    US cases), a p|np toggle may solve the 954 problem. How it can be applied
    to non-954 (and 954bis) is not stated.
    
Deliver text.

	jaap

Home | Date list | Subject list