In your previous mail you wrote: I think that Francis' point is that the authors are writing a specification which, if implemented, may be illegal to deploy in some jurisdictions.
=> the word "may" is the right one. If the spec should stay about technical stuff IMHO it is an error to ignore its impact on privacy. In a document produced by a standardization body, this could be even considered as a provocation. But the solution is easy: add a privacy consideration section which explains the technical impact and show the IETF doesn't endorse in any way the not-technical aspects of the implementation of methods described in the spec. It's premature to draw any conclusion about the merits of the draft at such an early stage. => if it is about the not-technical merits this should stay true for the whole life of the document... There has been a few drafts recently on which questions about privacy were raised. If privacy wasn't an issue, the web would be faster ( www.afasterinternet.com ). The discussions in several working groups point to a privacy void, i.e. there isn't any guidance about limiting data exposure when designing a protocol. => IMHO this should change. We solved a similar issue about security, there is no reason the same method won't work for privacy. And we should agree to deny privacy issues is not the right way, shouldn't we? Regards francis.dup...@fdupont.fr _______________________________________________ Int-area mailing list Int-area@ietf.org https://www.ietf.org/mailman/listinfo/int-area
