Hi, Yes, while your implementation may have to adhere to particular laws or regulations, we make a point to not enforce any of them in protocol designs. We may put in controls or features that allow you to decide if you'd like to adhere to policies such as data retention requirements, but they would be a choice.
Best regards, Kathleen Sent from my iPhone > On May 24, 2016, at 9:39 AM, Jason - <winpackja...@outlook.com> wrote: > > My webmail client made a mistake and sent this message just to you. Thank you > for telling me. If you hadn't told me, I wouldn't notice that my message > wasn't sent to the whole Acme IETF group. So, without further hesitation I am > copying the contents of my second message here: > > ---Start of Message--- > > Since you speak as a WG chair, I clearly cannot anything, which is why I said > in my email "if my opinion matters at all". > > Also, note that the EU right-to-be-forgotten partially contravenes US CALEA > laws. Therefore, it's not clear which of those two shall apply. > > However, maybe it is out of scope. In my point of view, deleting data, except > certificates and relevant authorizations, which, as Jacob said, may need to > be retained for a longer period of time, protects the user's privacy. > > Finally, what I meant (wrong phrasing in my original response) is that the CA > ecosystem as a whole follows the best interests of the user and the CAs are > required to comply with laws, which in this case isn't that clear. But this > is another discussion, of course. > > ---End of Message--- > > And now my comments: Since it is out of scope, and possibly it is, I > recommend that the wording isn't completely changed to "deactivation" but > instead to "deactivation and/or deletion". That would allow for more > possibilities to be taken into consideration. > > Best wishes, > Jason > > From: rs...@akamai.com > To: winpackja...@outlook.com > Subject: RE: [Acme] Account deactivation > Date: Tue, 24 May 2016 12:47:59 +0000 > > Did you mean to send this just to me? > > > > You can say anything. If you think a WG chair is wrong, you can talk to the > other chair, and you can talk to the Area Director. > > > > I think, pretty clearly, that local law enforcement and embedding it in the > protocol, is out of scope of the WG as is data retention. But please feel > free to disagree publically!!! > > > > -- > > Senior Architect, Akamai Technologies > > IM: richs...@jabber.at Twitter: RichSalz > > > > From: Jason - [mailto:winpackja...@outlook.com] > Sent: Monday, May 23, 2016 8:32 PM > To: Salz, Rich > Subject: RE: [Acme] Account deactivation > > > > Since you speak as a WG chair, I clearly cannot anything, which is why I said > in my email "if my opinion matters at all". > > Also, note that the EU right-to-be-forgotten partially contravenes US CALEA > laws. Therefore, it's not clear which of those two shall apply. > > However, maybe it is out of scope. In my point of view, deleting data, except > certificates and relevant authorizations, which, as Jacob said, may need to > be retained for a longer period of time, protects the user's privacy. > > Finally, what I meant (wrong phrasing in my original response) is that the CA > ecosystem as a whole follows the best interests of the user and the CAs are > required to comply with laws, which in this case isn't that clear. But this > is another discussion, of course. > > Best regards, > Jason > > > From: rs...@akamai.com > > To: winpackja...@outlook.com; j...@eff.org; acme@ietf.org > > Subject: RE: [Acme] Account deactivation > > Date: Mon, 23 May 2016 23:07:16 +0000 > > > > > Let me explain a bit more: Shall a CA receive a valid and trustworthy > > > request for deletion of an account/authorization, the CA must totally > > > erase any trace of data regarding that account > > > > Speaking as a WG chair, I disagree. EU data retention, like US Calea laws, > > are outside the scope of the protocol. > > > > > CAs follow the best interests of the users, don't they? > > > > As commercial vendors, their shareholders should come first. > > > > Speaking as an individual, I support the MR. > > _______________________________________________ > Acme mailing list > Acme@ietf.org > https://www.ietf.org/mailman/listinfo/acme
_______________________________________________ Acme mailing list Acme@ietf.org https://www.ietf.org/mailman/listinfo/acme
