This looks like a very accurate representation of the data protection European regulations. I have the same view.
Not so easy to implement but if it is implemented correctly, I think very few people will disagree with the essence of this regulation.

Dimitris.

--
Sent from my mobile device. Pls excuse brevity and typos

> On 5 Nov 2016, at 11:50, Nick Lamb <tialara...@gmail.com> wrote:
>
>> On Friday, 4 November 2016 19:37:07 UTC, Jeremy Rowley wrote:
>> We also like the public disclosures CT requires as it's been essential in
>> identifying issuing CAs and non-compliances. That's probably not a surprise
>> as we've always strongly supported CT. I do see the need for name redaction
>> though as lots of the certificates are issued to individuals, and the
>> European government freaks out whenever there is the potential disclosure of
>> PII.
>
> Unlike with DNS names / IP addresses in the Web PKI, I could still be
> persuaded that redacting personal information about individual human
> subscribers would make sense.
>
> Nevertheless I think it's valuable to understand that European regulations in
> this area ("Data Protection" is the usual English term) are not intended to
> altogether prohibit the disclosure of PII. The regulations are instead
> focused on ensuring that subjects know what is held about them, that they're
> told how it will be used and why, that the data used is adequate yet not
> excessive for that purpose, and that they can get any mistakes fixed.
>
> So Data Protection could permit unredacted CT logging if it served some
> legitimate purpose, particularly one that's in the subject's best interest
> such as deterring identity fraud or protecting the integrity of the
> certificate ecosystem they're using, and if subscribers were told about this
> before they request the certificate.
> _______________________________________________
> dev-security-policy mailing list
> dev-security-policy@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy