[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


To: Eric Brunner-Williams in Portland Maine <brunner@nic-naa.net>
Cc: Edward Lewis <edlewis@arin.net>, ietf-provreg@cafax.se, jaap@sidn.nl, brunner@nic-naa.net
From: Edward Lewis <edlewis@arin.net>
Date: Mon, 24 Mar 2003 16:21:09 -0500
In-Reply-To: <200303241644.h2OGilGL062506@nic-naa.net>
Sender: owner-ietf-provreg@cafax.se
Subject: Re: [ietf-provreg] Our "Privacy Issue"

At 11:44 -0500 3/24/03, Eric Brunner-Williams in Portland Maine wrote:
>I'm not convinced that the issue of contention is technical.

Then I've failed in my description of the problem.

As we sit, EPP requires the registrar to make decisions on whether 
the submission of a piece of data will be accorded the proper 
handling with regards to privacy.  The issue is that EPP forces the 
registrar into this posture, there is no choice.

What the IESG has asked of us is to make EPP possible to support a 
scenario in which a registrar gives the data and policy request to 
the registry and then let the registry decide what to do. 
Furthermore, a basic framework for this is desired to be part of the 
base protocol.

The IESG is doing this through the role of protocol design engineer 
review - recognizing functionality that oughta be in a protocol but 
isn't.

>The registry announces a session-policy. Implementors are free
>to evaluate the registry-announced policy, and implement local policy,
>e.g., accept the policy and propogate policied data, or decline.

But the only option available to users of the client is to decide 
whether or not to make the registration.  We want more of an option 
than that.

>To me, it _was_ just distributed read and write access mechanisms to
>shared store, with a specific syntax. If someone claims read-on-43
>exhaustively defines "privacy", I don't care. It doesn't exhaustively
>define _read_.

I don't think anyone is trying to link privacy to what's on port 43 
(whois to most of us).  The goal isn't to tie privacy to any 
publication mechanism.  This is done with the intent that during the 
phase of reaching towards DS, we will have more tools for dealing 
with privacy.  Features are more easily removed from PS to DS than 
added.

>Enforcement is a whole different can of worms, unless this is just a
>techno-fiction.

Enforcement is part of policy and we are making every effort to sidestep it.

>Nope. Seems technically flawed to me, and worse than what we had.

I don't see how.
-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                            +1-703-227-9854
ARIN Research Engineer

I've had it with world domination.  The maintenance fees are too high.

Home | Date list | Subject list