To:
Eric Brunner-Williams in Portland Maine <brunner@nic-naa.net>
Cc:
"'ietf-provreg@cafax.se'" <ietf-provreg@cafax.se>
From:
Ted Hardie <hardie@qualcomm.com>
Date:
Wed, 16 Apr 2003 15:35:39 -0700
In-Reply-To:
<200304162158.h3GLwaZj003843@nic-naa.net>
Sender:
owner-ietf-provreg@cafax.se
Subject:
Re: [ietf-provreg] legal entity vs individual person
On Wednesday, April 16, 2003, at 02:58 PM, Eric Brunner-Williams in Portland Maine wrote: > We worked on the postal question. We considered the question of postal > address conventions where there are little that is "conventional". Very true. In a little town near me, for example, the residents have explicitly voted against home delivery because they did not want to do away with what they saw as their addresses---really names like "Heart's rest" etc. As I said, however, the main point is this one: >> main point is that how a legal entity and humans are treated for >> purposes of data disclosure is a matter of local policy. > > Really? > > So there is no architectural principle present, something that arises > in our requirements, hence in our choices of mechanisms, that causes > us to attempt to distinguish between a person and a non-person. Perhaps my terms didn't match 3375 sufficiently for my point to be clear. As it states, registrants may be humans, corporations, and organizations. Social information associated with registrants (as per 3.4.3) may thus be associated with human, corporations, and organizations. There may be local policy which applies to all registrants or which defines them by type. To expect that a mechanism (such as Do not distribute) applies only to a single registrant type is to presume something about local policy. > If, instead of personally identifying information, EPP provisioned a > SRS with the GPS data for mountain tops, or the ranges for Spring Tides > at select points on the coast of Maine, the "treat[ment] for purposes > of data disclosure" would be indistinguishable from what we were close > to agreement was necessary and sufficient. If you find a registrar willing to treat a mountain top or spring tide range as a registrant, I suggest you short their stock. > I don't want to leave this stone unturned, so here it is again. > >> Assumes an infrastructure not uniformly present, and assumes that >> use of that infrastructure does not carry second order threats. > > We've already done postal. It is in the archives. > > So there is your "second order threats". What are they? > I thought it was moderately obvious; sorry. The second order threat is that public data associated with an address could be correlated with other public data to re-create the data distribution problem.