Roman, Thank you for the feedback. I provide responses to your feedback embedded below that can be included in -16 prior to moving onto the RFC editor. Let me know whether you agree with the edits and clarifications.
Thanks, -- JG James Gould Fellow Engineer jgo...@verisign.com <mailto:jgo...@verisign.com> <applewebdata://13890C55-AAE8-4BF3-A6CE-B4BA42740803/jgo...@verisign.com <mailto:jgo...@verisign.com>> 703-948-3271 12061 Bluemont Way Reston, VA 20190 Verisign.com <http://verisigninc.com/> <http://verisigninc.com/>> On 9/19/23, 9:03 PM, "Roman Danyliw via Datatracker" <nore...@ietf.org <mailto:nore...@ietf.org> <mailto:nore...@ietf.org <mailto:nore...@ietf.org>>> wrote: Roman Danyliw has entered the following ballot position for draft-ietf-regext-rdap-redacted-14: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://secure-web.cisco.com/1k0LpSqNgyqTHT-q3zblQhCgyde6bo0jcmAigDJ-ZyszyyYu4vFrVR-KNwnRqYUc6iWrvM5u06i1-WN-tttS2RcNgZg0WeC3TFMM1X31bAdVtRRO39k4B_hfVk7wIdwf7ntylBzKqAlQM1IHpD-bEzoAdtkkdnnKlLG2HnTQq2_ysKU5E__OGDNO-gXNF3wqDAuVGBNOezzefMDXU-uAMSKtfmFJdpLWv7goP91MmS-NOubJrdGNK10cdE7S-gT3LmT-1KFyihbQ2YZMByAk6XUKnx_MataU63QQrem2OkXk/https%3A%2F%2Fwww.ietf.org%2Fabout%2Fgroups%2Fiesg%2Fstatements%2Fhandling-ballot-positions%2F <https://secure-web.cisco.com/1k0LpSqNgyqTHT-q3zblQhCgyde6bo0jcmAigDJ-ZyszyyYu4vFrVR-KNwnRqYUc6iWrvM5u06i1-WN-tttS2RcNgZg0WeC3TFMM1X31bAdVtRRO39k4B_hfVk7wIdwf7ntylBzKqAlQM1IHpD-bEzoAdtkkdnnKlLG2HnTQq2_ysKU5E__OGDNO-gXNF3wqDAuVGBNOezzefMDXU-uAMSKtfmFJdpLWv7goP91MmS-NOubJrdGNK10cdE7S-gT3LmT-1KFyihbQ2YZMByAk6XUKnx_MataU63QQrem2OkXk/https%3A%2F%2Fwww.ietf.org%2Fabout%2Fgroups%2Fiesg%2Fstatements%2Fhandling-ballot-positions%2F> <https://secure-web.cisco.com/1k0LpSqNgyqTHT-q3zblQhCgyde6bo0jcmAigDJ-ZyszyyYu4vFrVR-KNwnRqYUc6iWrvM5u06i1-WN-tttS2RcNgZg0WeC3TFMM1X31bAdVtRRO39k4B_hfVk7wIdwf7ntylBzKqAlQM1IHpD-bEzoAdtkkdnnKlLG2HnTQq2_ysKU5E__OGDNO-gXNF3wqDAuVGBNOezzefMDXU-uAMSKtfmFJdpLWv7goP91MmS-NOubJrdGNK10cdE7S-gT3LmT-1KFyihbQ2YZMByAk6XUKnx_MataU63QQrem2OkXk/https%3A%2F%2Fwww.ietf.org%2Fabout%2Fgroups%2Fiesg%2Fstatements%2Fhandling-ballot-positions%2F> <https://secure-web.cisco.com/1k0LpSqNgyqTHT-q3zblQhCgyde6bo0jcmAigDJ-ZyszyyYu4vFrVR-KNwnRqYUc6iWrvM5u06i1-WN-tttS2RcNgZg0WeC3TFMM1X31bAdVtRRO39k4B_hfVk7wIdwf7ntylBzKqAlQM1IHpD-bEzoAdtkkdnnKlLG2HnTQq2_ysKU5E__OGDNO-gXNF3wqDAuVGBNOezzefMDXU-uAMSKtfmFJdpLWv7goP91MmS-NOubJrdGNK10cdE7S-gT3LmT-1KFyihbQ2YZMByAk6XUKnx_MataU63QQrem2OkXk/https%3A%2F%2Fwww.ietf.org%2Fabout%2Fgroups%2Fiesg%2Fstatements%2Fhandling-ballot-positions%2F>> for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://secure-web.cisco.com/15Ag4011mRlqCTguj3e-26qOi-e0XFUCO4CKMtx-YlABk9tSCgyo2p--vVdNbWJbAALMTE9QA_ijYM-r36fayiDwJJmuBDmcZmO3XQrmDxJkHu5bvlcxRn_c0U891HzID_RoYJUiEBa_Yn8O4eK5WS7LISkX4lg10oP6HRDNm5h11PiWdYDSBdVm3aScAdSRXaFyxzoGmNsdnyp2tG01x2ZTNjhAg64FfTvaHtrItRZx8k6b2xmXHPFxJHUmihl3tvtsakiXlFs-hMWzE0YLxOcEK93dju2TYkJE26N7Lb6g/https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-regext-rdap-redacted%2F <https://secure-web.cisco.com/15Ag4011mRlqCTguj3e-26qOi-e0XFUCO4CKMtx-YlABk9tSCgyo2p--vVdNbWJbAALMTE9QA_ijYM-r36fayiDwJJmuBDmcZmO3XQrmDxJkHu5bvlcxRn_c0U891HzID_RoYJUiEBa_Yn8O4eK5WS7LISkX4lg10oP6HRDNm5h11PiWdYDSBdVm3aScAdSRXaFyxzoGmNsdnyp2tG01x2ZTNjhAg64FfTvaHtrItRZx8k6b2xmXHPFxJHUmihl3tvtsakiXlFs-hMWzE0YLxOcEK93dju2TYkJE26N7Lb6g/https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-regext-rdap-redacted%2F> <https://secure-web.cisco.com/15Ag4011mRlqCTguj3e-26qOi-e0XFUCO4CKMtx-YlABk9tSCgyo2p--vVdNbWJbAALMTE9QA_ijYM-r36fayiDwJJmuBDmcZmO3XQrmDxJkHu5bvlcxRn_c0U891HzID_RoYJUiEBa_Yn8O4eK5WS7LISkX4lg10oP6HRDNm5h11PiWdYDSBdVm3aScAdSRXaFyxzoGmNsdnyp2tG01x2ZTNjhAg64FfTvaHtrItRZx8k6b2xmXHPFxJHUmihl3tvtsakiXlFs-hMWzE0YLxOcEK93dju2TYkJE26N7Lb6g/https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-regext-rdap-redacted%2F> <https://secure-web.cisco.com/15Ag4011mRlqCTguj3e-26qOi-e0XFUCO4CKMtx-YlABk9tSCgyo2p--vVdNbWJbAALMTE9QA_ijYM-r36fayiDwJJmuBDmcZmO3XQrmDxJkHu5bvlcxRn_c0U891HzID_RoYJUiEBa_Yn8O4eK5WS7LISkX4lg10oP6HRDNm5h11PiWdYDSBdVm3aScAdSRXaFyxzoGmNsdnyp2tG01x2ZTNjhAg64FfTvaHtrItRZx8k6b2xmXHPFxJHUmihl3tvtsakiXlFs-hMWzE0YLxOcEK93dju2TYkJE26N7Lb6g/https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-regext-rdap-redacted%2F>> ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thank you to Hilarie Orman for the SECDIR review. ** Section 3. Redaction in RDAP can be handled in multiple ways. The resulting redacted RDAP response MUST comply with the RDAP RFCs, such as [RFC9083]. This language of “comply with the RDAP RFCs” seems to too imprecise given the normative MUST. Is there a way to be more precise? Could this be scoped to “RFC9083 and updates”? JG - This can be updated to "The resulting redacted RDAP response MUST comply with the format defined in the RDAP RFCs, such as [RFC 9083] and updates". What want to ensure that the redaction doesn't change the structure or syntax requirements defined in the RDAP RFCs. ** Section 8. Servers MAY exclude the redacted members for RDAP fields that are considered a privacy issue in providing a data existence signal. Could this please be expanded upon? Is this practically saying if the fields are “sufficiently privacy sensitive” (where the existence of the data must not be revealed then) ignore the redaction mechanism in this draft? JG - No, the intention is to exclude the signal of the redaction in the redacted extension itself, but the redaction has been done in the response using one of the defined redaction methods. The signal itself can disclose the existence of data, which MAY be excluded to address privacy concerns. Based on addressing Paul Wouters' DISCUSS, this has been moved to Section 4.2 "redacted" Member since it defines functionality. ** The SECDIR review thread (https://secure-web.cisco.com/1_GwvGpT-z-X4CEUUFEmC3x1LgmHaLz1AEM3yXervjvEaH1l7Hcl6gALngJVJ4vjea_9WUEdXCh5KiQyS-L4mt9Pjq37pO9OjyLSD5apFRzIlvZ8KL6UYSDm5RpcsNwtE9DWJq6w-Ug_tlRBnud980eSmiBr-jyimL7hbm1AxbTgTPXxEDLCPxgxLtTbUr1aktlvBn85xvLm4kRSx8ENUDJE6SHE1WlHkGPXNwdk97M7wDxrVHB2wouNMm1Ho72ybVuYqkVEQzwSrau3RhzqMyKQKm22pgRqUsG35mM12pDY/https%3A%2F%2Fmailarchive.ietf.org%2Farch%2Fmsg%2Fsecdir%2FlqQBoljsw6aP2bgiVQOMzHBKpWU%2F <https://secure-web.cisco.com/1_GwvGpT-z-X4CEUUFEmC3x1LgmHaLz1AEM3yXervjvEaH1l7Hcl6gALngJVJ4vjea_9WUEdXCh5KiQyS-L4mt9Pjq37pO9OjyLSD5apFRzIlvZ8KL6UYSDm5RpcsNwtE9DWJq6w-Ug_tlRBnud980eSmiBr-jyimL7hbm1AxbTgTPXxEDLCPxgxLtTbUr1aktlvBn85xvLm4kRSx8ENUDJE6SHE1WlHkGPXNwdk97M7wDxrVHB2wouNMm1Ho72ybVuYqkVEQzwSrau3RhzqMyKQKm22pgRqUsG35mM12pDY/https%3A%2F%2Fmailarchive.ietf.org%2Farch%2Fmsg%2Fsecdir%2FlqQBoljsw6aP2bgiVQOMzHBKpWU%2F> <https://secure-web.cisco.com/1_GwvGpT-z-X4CEUUFEmC3x1LgmHaLz1AEM3yXervjvEaH1l7Hcl6gALngJVJ4vjea_9WUEdXCh5KiQyS-L4mt9Pjq37pO9OjyLSD5apFRzIlvZ8KL6UYSDm5RpcsNwtE9DWJq6w-Ug_tlRBnud980eSmiBr-jyimL7hbm1AxbTgTPXxEDLCPxgxLtTbUr1aktlvBn85xvLm4kRSx8ENUDJE6SHE1WlHkGPXNwdk97M7wDxrVHB2wouNMm1Ho72ybVuYqkVEQzwSrau3RhzqMyKQKm22pgRqUsG35mM12pDY/https%3A%2F%2Fmailarchive.ietf.org%2Farch%2Fmsg%2Fsecdir%2FlqQBoljsw6aP2bgiVQOMzHBKpWU%2F> <https://secure-web.cisco.com/1_GwvGpT-z-X4CEUUFEmC3x1LgmHaLz1AEM3yXervjvEaH1l7Hcl6gALngJVJ4vjea_9WUEdXCh5KiQyS-L4mt9Pjq37pO9OjyLSD5apFRzIlvZ8KL6UYSDm5RpcsNwtE9DWJq6w-Ug_tlRBnud980eSmiBr-jyimL7hbm1AxbTgTPXxEDLCPxgxLtTbUr1aktlvBn85xvLm4kRSx8ENUDJE6SHE1WlHkGPXNwdk97M7wDxrVHB2wouNMm1Ho72ybVuYqkVEQzwSrau3RhzqMyKQKm22pgRqUsG35mM12pDY/https%3A%2F%2Fmailarchive.ietf.org%2Farch%2Fmsg%2Fsecdir%2FlqQBoljsw6aP2bgiVQOMzHBKpWU%2F>>) suggested additional language around a published redaction policy. Recognizing the operational details noted in https://secure-web.cisco.com/1kdFq10skL6DJ2dT3zEbyv0ozMiynN_lG9QyiTc7JQuN8Bq7CvqjoEQH3lio7ptVurMkw-DXd6Z5a7aFGn5il7CGS7wvDWdSkiG3R_wYB_iw128Zxm3Gk-I6eFGBNLgpw1drGvN16Dc6ragGBnnC4hMW_3KhhkEqN1tAdNT7pLSlPe4g0e-8oqHnVM7HgBVBVhm10FBp6kw5-PKNUWo4TsU9eCgTecfgsNlwddYp0oELbdObJ6iAZVFuAOg_AdE8TiWyjlyu8s2JiteD3lLGufnt11aZUnBcJZS1oAoK0WAE/https%3A%2F%2Fmailarchive.ietf.org%2Farch%2Fmsg%2Fsecdir%2Ff3--V4Wfzk_m6cBGQCj-FTldRFM%2F <https://secure-web.cisco.com/1kdFq10skL6DJ2dT3zEbyv0ozMiynN_lG9QyiTc7JQuN8Bq7CvqjoEQH3lio7ptVurMkw-DXd6Z5a7aFGn5il7CGS7wvDWdSkiG3R_wYB_iw128Zxm3Gk-I6eFGBNLgpw1drGvN16Dc6ragGBnnC4hMW_3KhhkEqN1tAdNT7pLSlPe4g0e-8oqHnVM7HgBVBVhm10FBp6kw5-PKNUWo4TsU9eCgTecfgsNlwddYp0oELbdObJ6iAZVFuAOg_AdE8TiWyjlyu8s2JiteD3lLGufnt11aZUnBcJZS1oAoK0WAE/https%3A%2F%2Fmailarchive.ietf.org%2Farch%2Fmsg%2Fsecdir%2Ff3--V4Wfzk_m6cBGQCj-FTldRFM%2F> <https://secure-web.cisco.com/1kdFq10skL6DJ2dT3zEbyv0ozMiynN_lG9QyiTc7JQuN8Bq7CvqjoEQH3lio7ptVurMkw-DXd6Z5a7aFGn5il7CGS7wvDWdSkiG3R_wYB_iw128Zxm3Gk-I6eFGBNLgpw1drGvN16Dc6ragGBnnC4hMW_3KhhkEqN1tAdNT7pLSlPe4g0e-8oqHnVM7HgBVBVhm10FBp6kw5-PKNUWo4TsU9eCgTecfgsNlwddYp0oELbdObJ6iAZVFuAOg_AdE8TiWyjlyu8s2JiteD3lLGufnt11aZUnBcJZS1oAoK0WAE/https%3A%2F%2Fmailarchive.ietf.org%2Farch%2Fmsg%2Fsecdir%2Ff3--V4Wfzk_m6cBGQCj-FTldRFM%2F> <https://secure-web.cisco.com/1kdFq10skL6DJ2dT3zEbyv0ozMiynN_lG9QyiTc7JQuN8Bq7CvqjoEQH3lio7ptVurMkw-DXd6Z5a7aFGn5il7CGS7wvDWdSkiG3R_wYB_iw128Zxm3Gk-I6eFGBNLgpw1drGvN16Dc6ragGBnnC4hMW_3KhhkEqN1tAdNT7pLSlPe4g0e-8oqHnVM7HgBVBVhm10FBp6kw5-PKNUWo4TsU9eCgTecfgsNlwddYp0oELbdObJ6iAZVFuAOg_AdE8TiWyjlyu8s2JiteD3lLGufnt11aZUnBcJZS1oAoK0WAE/https%3A%2F%2Fmailarchive.ietf.org%2Farch%2Fmsg%2Fsecdir%2Ff3--V4Wfzk_m6cBGQCj-FTldRFM%2F>>, I would recommend adding an Operational Consideration sections saying something to the effect of: NEW (rough text) Operational Considerations RDAP server operators MAY choose to publish a redaction policy describing how this extension is implemented for their constituency. The contents of such a policy are outside the scope of this specification. JG - This can be added to Section 4.2 "redacted" Member, with the tweak of changing "RDAP server operators" to "The server" to be consistent with other server references in the draft, so the full paragraph in Section 4.2 "redacted" Member would read: The server including a redacted signal provides an unauthorized client additional information related to the existence of data and MAY exclude the redacted members for RDAP fields that are considered a privacy issue in providing a data existence signal. The server MAY choose to publish a redaction policy describing how this extension is implemented for their constituency. The contents of such a policy are outside the scope of this specification. _______________________________________________ regext mailing list regext@ietf.org https://www.ietf.org/mailman/listinfo/regext
