To:
ietf-provreg@cafax.se
From:
axelm@nic.at
Date:
Mon, 18 Jan 2010 16:05:07 +0100
Sender:
owner-ietf-provreg@cafax.se
User-Agent:
Thunderbird 2.0.0.23 (Windows/20090812)
Subject:
[ietf-provreg] Default contact element disclosure problem - RFC bug?
All, We're planning to change our contact disclosure default from "disclose everything" to "don't disclose anything" because of data privacy considerations. EPP already provides the "contact:disclose" element to override the server default. Because of the structure of the "contact:disclose" element, it is required on the client side to be aware of the default setting, so that the proper "overriding" elements can be put into the "contact:disclose" element. If the client is not aware of the default setting on the server, it couldn't identify whether "disclosed" or "undisclosed" elements are to be put into the "disclose" element. However, it seems that there is no way to announce the default disclosure policy to the client, even though it is mentioned in the RFC: RFC5733 says: A server operator announces a default disclosure policy when establishing a session with a client. When an object is created or updated, the client can specify contact attributes that require exceptional disclosure handling using an OPTIONAL <contact:disclose> element. Once set, disclosure preferences can be reviewed using a (most important piece of that snippet is the first sentence) However, looking at the schema definition of the greeting, as well as the examples, there's no way to actually perform that "announcement" during session establishment. The closest match is probably the "dcp" element - however, there's no element within that element that relates to announcing the "contact:disclose" policy. The "dcp" element as far as i understood does also relate to the global data collection policy, while the disclose policy of the contact would be specific to a certain object type, since there could be other defaults for different object types.. So, is this a bug in the RFCs, or are we missing something? Any advice on how clients should detect the disclose policy of the server? Thanks, Alex Mayrhofer Team lead R&D nic.at -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- List run by majordomo software. For (Un-)subscription and similar details send "help" to ietf-provreg-request@cafax.se