Hi Daniel,
At 11:56 17-06-2014, Daniel Kahn Gillmor wrote:
> I'm surprised to hear you say this, given that you're thanked in the
> acknowledgments section of RFC 6973 (Privacy Considerations for Internet
> Protocols). Do you think that RFC doesn't provide useful guidance or
> vocabulary?
RFC 6973 was published in the IAB Stream [1]. Someone could argue
that it is not an IETF document. It is not possible to argue against
that. I reviewed RFC 6973 before it was published as an RFC. In my
opinion it contains useful guidance and vocabulary. There is the
following in RFC 6973:
"Protecting against stored data compromise is typically outside the
scope of IETF protocols. However, a number of common protocol
functions -- key management, access control, or operational logging,
for example -- require the storage of data about initiators of
communications. When requiring or recommending that information
about initiators or their communications be stored or logged by end
systems (see, e.g., RFC 6302 [RFC6302]), it is important to recognize
the potential for that information to be compromised and for that
potential to be weighed against the benefits of data storage. Any
recipient, intermediary, or enabler that stores data may be
vulnerable to compromise. (Note that stored data compromise is
distinct from purposeful disclosure, which is discussed in
Section 5.2.4.)"
With hindsight I would say that I did not pay sufficient attention to
the RFC 6302 reference in the above. For what it is worth, my last
comments about RFC 6973 were dated February 2013.
Regards,
S. Moonesamy
1. http://www.rfc-editor.org/info/rfc6973