>> I think
>> is very likely (if not certain) that right now the IETF is operating
>> in violation of the European Union's Data Protection Directive,
> nope, never while they're in the U.S. National data protection laws
do
> not apply
On Jul 16, 2010, at 12:59 AM, Martin Rex wrote:
is very likely (if not certain) that right now the IETF is operating
in violation of the European Union's Data Protection Directive,
nope, never while they're in the U.S. National data protection laws
do
not apply for someone operating entirel
John Morris wrote:
>
> 1. As a general matter, many organizations that interact with lots of
> people (especially collecting financial information from them) use a
> broad range of written policies to reduce risk, by plainly stating a
> position on an issue so that employees have clear guid
I'm not really keen on getting involved in this discussion any more
than I have been, but I can't help noting one thing:
On Thu, Jul 15, 2010 at 11:50:58PM +0100, John Morris wrote:
> 2. We have many examples of leading banks, stores, and others
> mishandling credit card and other records, so
Paul,
You appear to be concerned about exposing the IETF to risk by the
adoption of a privacy policy (but apologies if I am misunderstanding
the concern you expressed). The absence of a privacy policy, however,
actually increases risk to the IETF in at least three ways:
1. As a general
> At 3:36 PM +0100 7/15/10, Alissa Cooper wrote:
>> If you have specific ideas of other spots where the document over-promises,
>> a list would be appreciated. I can take further clarifications back to the
>> secretariat or whoever the responsible party is.
> For me, the biggest over-promise is
At 3:36 PM +0100 7/15/10, Alissa Cooper wrote:
>If you have specific ideas of other spots where the document over-promises, a
>list would be appreciated. I can take further clarifications back to the
>secretariat or whoever the responsible party is.
For me, the biggest over-promise is that someo
Hi Stephan,
On Jul 6, 2010, at 3:53 PM, Stephan Wenger wrote:
Hi,
I think this is an excellent straw man for an IETF privacy policy.
I have,
however, two issues with its adoption that makes me question the
wisdom of
an unqualified "+1".
Thanks.
First, I'm not quite sure whether the I
+1 also
Monique
-Original Message-
From: ietf-boun...@ietf.org on behalf of Fred Baker (fred)
Sent: Thu 7/8/2010 12:07 PM
To: IETF-Discussion list
Subject: Re: IETF privacy policy - update
+1 for a privacy policy. As to the question of this particular one, I'm going
to profess
A few more privacy policies for comparison:
ISO -- http://www.iso.org/iso/support/privacy_policy.htm
IEEE -- http://www.ieee.org/security_privacy.html?WT.mc_id=hpf_priv
Note that IEEE uses a "layered" notice to some extent, which is fairly
popular among privacy policy authors these days -- a l
On Fri, Jul 9, 2010 at 6:45 PM, Fred Baker wrote:
> To bring matters back to the topic, the discussion was on Alissa's draft, and
> I was
>looking for comparable privacy statements to compare. My question was "is this
>a
>reasonable statement? Are there things it could have said more simply? A
On Jul 8, 2010, at 11:06 PM, Henk Uijterwaal wrote:
> RIPE is an open group of people interested in IP based networks in Europe
> and surrounding areas. There is no formal membership, work is done by
> volunteers, anybody who is interested can join the mailing lists and
> participate, anybody w
On 9 jul 2010, at 08.06, Henk Uijterwaal wrote:
> On 08/07/2010 22:24, Fred Baker wrote:
>>
>> On Jul 8, 2010, at 1:18 PM, Melinda Shore wrote:
>>
>>> On Jul 8, 2010, at 12:08 PM, Fred Baker wrote:
Boy, would they dispute that. ITU has claimed that the IETF is not an
open organization
On 08/07/2010 22:24, Fred Baker wrote:
>
> On Jul 8, 2010, at 1:18 PM, Melinda Shore wrote:
>
>> On Jul 8, 2010, at 12:08 PM, Fred Baker wrote:
>>> Boy, would they dispute that. ITU has claimed that the IETF is not an
>>> open organization because a government cannot join it. Most membership
>>>
aul Hoffman"
; "IETF-Discussion list"
Sent: Thursday, July 08, 2010 4:24 PM
Subject: Re: IETF privacy policy - update
On Jul 8, 2010, at 1:18 PM, Melinda Shore wrote:
On Jul 8, 2010, at 12:08 PM, Fred Baker wrote:
Boy, would they dispute that. ITU has claimed that the IETF is not an
jean-michel bernier de portzamparc wrote:
>
> However, from our own JEDI's (so-labelled "Jefsey's disciples") experience I
> would suggest some kind of "ietf privacy netiquette". It could be equivalen
> to architectural quotes like "dumb network", "end to end", "protocol on the
> wire", "rough con
> I would have to assume it is the only forum in the world in which they
> expect that level of anonymity
aside from payment possibly uncloaking you, i am not aware of an ops
meeting that checks id or even considers the issue interesting.
randy
___
Ietf
On Thu, 8 Jul 2010, Larry Smith wrote:
> Appears to me this conversation/thread is leaning toward "open" being
> used synonymous to "anonymous"
Not to me ... open means any can participate ... doesn't mean
that other participants can't know who they are.
People come with experience and res
On Thu July 8 2010 15:24, Fred Baker wrote:
> On Jul 8, 2010, at 1:18 PM, Melinda Shore wrote:
> > On Jul 8, 2010, at 12:08 PM, Fred Baker wrote:
> >> Boy, would they dispute that. ITU has claimed that the IETF is not an
> >> open organization because a government cannot join it. Most membership
>
On Jul 8, 2010, at 1:18 PM, Melinda Shore wrote:
> On Jul 8, 2010, at 12:08 PM, Fred Baker wrote:
>> Boy, would they dispute that. ITU has claimed that the IETF is not an open
>> organization because a government cannot join it. Most membership
>> organizations, RIPE, being an example, have a d
On Jul 8, 2010, at 12:08 PM, Fred Baker wrote:
> Boy, would they dispute that. ITU has claimed that the IETF is not an open
> organization because a government cannot join it. Most membership
> organizations, RIPE, being an example, have a definition of how someone can
> become a member (members
On Jul 8, 2010, at 12:32 PM, Melinda Shore wrote:
> On Jul 8, 2010, at 11:25 AM, Fred Baker wrote:
>> Walking into an ITU meeting, I have to show a passport and have a permanent
>> photographic record taken. If I want to participate in RIPE's general
>> meeting, I have to register, and I can ex
On 2010-07-08 12:25, Fred Baker wrote:
On Jul 7, 2010, at 10:11 PM, joel jaeggli wrote:
Do some people not come because attendance is a matter of public
record?
Frankly, if people are not attending for that reason and that reason
alone, I have some questions. I would have to assume it is the
On Jul 8, 2010, at 11:25 AM, Fred Baker wrote:
> Walking into an ITU meeting, I have to show a passport and have a permanent
> photographic record taken. If I want to participate in RIPE's general
> meeting, I have to register, and I can expect to find myself in RIPE's
> attendee list. That is t
On Jul 7, 2010, at 10:11 PM, joel jaeggli wrote:
> Do some people not come because attendance is a matter of public record?
Frankly, if people are not attending for that reason and that reason alone, I
have some questions. I would have to assume it is the only forum in the world
in which they
On Jul 8, 2010, at 11:05 AM, jean-michel bernier de portzamparc wrote:
> However, from our own JEDI's (so-labelled "Jefsey's disciples") experience I
> would suggest some kind of "ietf privacy netiquette". It could be equivalen
> to architectural quotes like "dumb network", "end to end", "protoco
+1 on all counts.
Now looking forward to a debate over the ASCII art... ;-)
On 7/8/10 1:07 PM, Fred Baker wrote:
> +1 for a privacy policy. As to the question of this particular one,
> I'm going to profess some level of ignorance. I suggested starting
> from Google, Cisco, and/or ISOC's privacy p
+1 for a privacy policy. As to the question of this particular one, I'm going
to profess some level of ignorance. I suggested starting from Google, Cisco,
and/or ISOC's privacy policies and editing from there, and someone said I
should pick a more appropriate starting point. What would be approp
I tend to agree with Andrew and Marshall.
However, from our own JEDI's (so-labelled "Jefsey's disciples") experience I
would suggest some kind of "ietf privacy netiquette". It could be equivalen
to architectural quotes like "dumb network", "end to end", "protocol on the
wire", "rough consensus", e
On Jul 8, 2010, at 11:15 AM, Andrew Sullivan wrote:
On Thu, Jul 08, 2010 at 11:59:12AM +0300, Yoav Nir wrote:
Without a privacy policy, it's hard to say whether that is
acceptable or not.
I keep seeing arguments of this sort in the current thread, and it
seems to me to be backwards. Surely
On 2010-07-08 01:59, Yoav Nir wrote:
> I personally don't care if the whole world knows I've been to an IETF
meeting, but the decision to publish the list on the website has
privacy consequences. Without a privacy policy, it's hard to say
whether that is acceptable or not.
Or you could just re
On Thu, Jul 08, 2010 at 11:59:12AM +0300, Yoav Nir wrote:
> Without a privacy policy, it's hard to say whether that is
> acceptable or not.
I keep seeing arguments of this sort in the current thread, and it
seems to me to be backwards. Surely it is not the privacy _policy_
that determines wheth
(Wearing no hats)
On 08/07/2010 10:59, Yoav Nir wrote:
>
> On July 08, 2010 12:42 AM joel jaeggli wrote:
>> the fact that you signed up for the meeting is publicly available so that
>> we don't sell mailing lists to spammers seems sort of irrelevant.
The attendee list does not contain email adre
On 07/07/2010 06:57 PM, Iljitsch van Beijnum wrote:
In the meantime, BGP and HTTP, to name just two of the protocols without which
the internet and the web wouldn't exist, still don't have standard status.
>
What do we want to spend our time on? Create more text that people will end up
readin
On July 08, 2010 12:42 AM joel jaeggli wrote:
> On 2010-07-07 12:53, Ole Jacobsen wrote:
>>
>> Sam,
>>
>> I view this more or less as "standard boilerplate", something you find
>> in a lot of "online places". I think it is reasonable to expect that
>> if you register for a meeting your personal i
On 2010-07-07 12:59, Paul Hoffman wrote:
Do some people not come to IETF meetings because of the current null
privacy policy?
Do some people not come because attendance is a matter of public record?
Do they say less than they would have if we had a
typical non-null policy?
do people not sp
On Jul 5, 2010, at 10:05 AM, Alissa Cooper wrote:
> A few months ago I drew up a strawman proposal for a public-facing IETF
> privacy policy (http://www.ietf.org/id/draft-cooper-privacy-policy-00.txt).
> I've submitted an update based on feedback received:
> http://www.ietf.org/id/draft-cooper
> Perhaps the better question is, do some people not sign the blue
> sheets because of whatever they think the current privacy policy is?
or use bogus sig on blue sheet. yes. the rfid discussion pushed me
over the tolerance line on this class of issues in the ietf.
randy
_
Sam, Paul,
I did not mean to misrepresent your positions. I honestly understood
them to be as I stated, but I was wrong. My apologies for that.
And yes, I agree with Paul that privacy policies are generally not
worth all that much -- indeed, my organization (as well as, for
example, the
On Wed, Jul 07, 2010 at 02:30:30PM -0700, Paul Hoffman wrote:
>If the cost is near-zero
Given the number of messages so far, the denial of the antecedent is
already assured. There is a clearly non-zero cost to this effort.
(This is not an argument about whether a privacy policy is needed;
it's s
Hi Paul,
On Jul 7, 2010, at 8:59 PM, Paul Hoffman wrote:
Do some people not come to IETF meetings because of the current null
privacy policy?
Perhaps the better question is, do some people not sign the blue
sheets because of whatever they think the current privacy policy is?
The issue of
> "John" == John Morris writes:
John> Paul, Sam, I understand your arguments to bascially be "we've
John> never had an internal privacy problem here at the IETF, and as
John> far as I know no one decides not to participate because of the
John> lack of a privacy policy, so we h
On 2010-07-07 12:53, Ole Jacobsen wrote:
Sam,
I view this more or less as "standard boilerplate", something you find
in a lot of "online places". I think it is reasonable to expect that
if you register for a meeting your personal info (e-mail address
mostly) won't be sold/used/harvested by some
At 4:52 PM -0400 7/7/10, John Morris wrote:
>I understand your arguments to bascially be "we've never had an internal
>privacy problem here at the IETF, and as far as I know no one decides not to
>participate because of the lack of a privacy policy, so we have no need to
>follow basic standards
Paul, Sam,
I understand your arguments to bascially be "we've never had an
internal privacy problem here at the IETF, and as far as I know no one
decides not to participate because of the lack of a privacy policy, so
we have no need to follow basic standards of privacy hygiene."
What woul
> "Ole" == Ole Jacobsen writes:
Ole> Sam,
Ole> I view this more or less as "standard boilerplate", something
Ole> you find in a lot of "online places". I think it is reasonable
Ole> to expect that if you register for a meeting your personal info
Ole> (e-mail address mostl
On Jul 7, 2010, at 11:59 AM, Paul Hoffman wrote:
> Given that getting such a policy is not free, and will cause cycles to be
> lost from other IETF work, [ ... ]
That's the second time I've seen someone suggest that and I
wonder how true it is.
Melinda
_
At 3:49 PM -0400 7/7/10, Sam Hartman wrote:
>Generally when I look for an idea of whether work is a good idea I look
>for a clear statement of benefit. I'll admit that I don't find privacy
>policies so valuable that I think everyone should have one. So, I'll
>ask how will or work be improved or w
Sam,
I view this more or less as "standard boilerplate", something you find
in a lot of "online places". I think it is reasonable to expect that
if you register for a meeting your personal info (e-mail address
mostly) won't be sold/used/harvested by someone for purposes other
than what you th
> "Iljitsch" == Iljitsch van Beijnum writes:
Iljitsch> On 7 jul 2010, at 17:23, John Morris wrote:
>> Well, as someone who believes that *all* websites and
>> online-operating organizations should have a clear and accessible
>> privacy policy, I think it is beyond embarrassing
On Jul 7, 2010, at 8:57 AM, Iljitsch van Beijnum wrote:
> In the meantime, BGP and HTTP, to name just two of the protocols without
> which the internet and the web wouldn't exist, still don't have standard
> status.
I think I'd probably argue that the context has changed. It
wasn't *that* long
On 7 jul 2010, at 17:23, John Morris wrote:
> Well, as someone who believes that *all* websites and online-operating
> organizations should have a clear and accessible privacy policy, I think it
> is beyond embarrassing that the IETF does not have one.
The IETF got along without one for two dec
Well, as someone who believes that *all* websites and online-operating
organizations should have a clear and accessible privacy policy, I
think it is beyond embarrassing that the IETF does not have one. As
an organization that tries pretty hard to be sensitive to the privacy
impacts of the
On 7 jul 2010, at 16:32, John Morris wrote:
> And, if you indeed think that something is missing, perhaps you could suggest
> some language to address your concern, rather than just dismiss the entire
> effort.
I think it's completely legitimate to question whether efforts like this are
worth
The draft, and the message that you responded to (but failed to quote
fully), says:
Meeting registration information other than credit card information
is permanently retained (including cancelled registrations). Credit
card processing records are retained for 18 months.
This seems to
On 7 jul 2010, at 14:02, Alissa Cooper wrote:
> Data retention is addressed explicitly in section 5:
> What's missing?
What I said: the stuff that gets asked for during registration and payment.
Apparently I didn't notice the link to the IETF trust. However, I don't see the
point of having a d
Data retention is addressed explicitly in section 5:
5. Data retention
All log files of automatically collected data about our site
visitors
are deleted every 1-3 months on average. Aggregated data about
visitors to our web site which cannot be linked back to individual
visitor
On 6 jul 2010, at 23:45, joel jaeggli wrote:
>> What I'm missing is what happens with the information described under
>> "Registering to attend a meeting or social event:", there are no
>> retention periods mentioned (that I noticed).
> the trust's records retention policy already deals with regi
On 7/6/2010 2:45 PM, joel jaeggli wrote:
> On 2010-07-06 03:56, Iljitsch van Beijnum wrote:
>> On 5 jul 2010, at 18:05, Alissa Cooper wrote:
>>
>>> 1) Respond on this list if you support the idea of the IETF having
>>> a privacy policy (a simple "+1" will do).
>>
>> I'm torn between "good to have
On 2010-07-06 03:56, Iljitsch van Beijnum wrote:
On 5 jul 2010, at 18:05, Alissa Cooper wrote:
1) Respond on this list if you support the idea of the IETF having
a privacy policy (a simple "+1" will do).
I'm torn between "good to have this written down" and "do we really
need to go out and lo
On Tue, Jul 6, 2010 at 1:11 AM, Alissa Cooper wrote:
> Obviously, I started this process as an I-D, so I'm not necessarily opposed
> to having the privacy policy exist as an RFC. But in conversations with the
> IAOC and others, it seemed as though the RFC process might have two
> drawbacks for thi
John,
> It is hard, and maybe impossible, to argue against the IETF
> having an established privacy policy, so I agree with Melinda's
> "about time".
>
> However, while administering such a policy (to the degree to
> which such a thing is needed) is a reasonable task for the IETF
> community to a
+1 on having a privacy policy in the first place
+1 on this possible approach on the procedural questions (although
other approaches migth well be fine):
On Jul 6, 2010, at 4:11 AM, Alissa Cooper wrote:
With that said, laying out the core of the policy in an RFC and then
having a speedier m
On 7/6/2010 6:38 AM, Karen O'Donoghue wrote:
> +1 on the IETF having a privacy policy.
>
> I am undecided on the best mechanisms to develop, document, and
> maintain that policy.
I am not... We need to create the Privacy Working Group and it will
produce a non-RFC based work product which is the
this makes sense to me, fwiw.
john
--On Monday, July 05, 2010 2:28 PM -0400 Marshall Eubanks
wrote:
>
>...
> I assume (for I do not know) that people are worried about
> time involved in bringing a new RFC to publication.
>
> I don't see why this couldn't be divided in the way that the
>
Hi,
I think this is an excellent straw man for an IETF privacy policy. I have,
however, two issues with its adoption that makes me question the wisdom of
an unqualified "+1".
First, I'm not quite sure whether the IETf should adopt such a document
without providing clear guidelines to its I* peop
+1 on the IETF having a privacy policy.
I am undecided on the best mechanisms to develop, document, and maintain
that policy.
Karen
On 7/5/10 12:05 PM, Alissa Cooper wrote:
A few months ago I drew up a strawman proposal for a public-facing
IETF privacy policy
(http://www.ietf.org/id/draft-c
On Jul 5, 2010, at 12:05 PM, Alissa Cooper wrote:
> 1) Respond on this list if you support the idea of the IETF having a privacy
> policy (a simple "+1" will do).
+1. It's surprising it took us this long. And this is one of the few groups
where people might actually read such a policy!
__
On 5 jul 2010, at 18:05, Alissa Cooper wrote:
> 1) Respond on this list if you support the idea of the IETF having a privacy
> policy (a simple "+1" will do).
I'm torn between "good to have this written down" and "do we really need to go
out and look for more process work".
> 2) If you have co
Alissa,
Thanks very much for your elaboration. I would agree with your
conclusion at the bottom of your note:
> With that said, laying out the core of the policy in an RFC and then
> having a speedier mechanism to publish changes (which can also be
> incorporated into the core policy when the R
Obviously, I started this process as an I-D, so I'm not necessarily
opposed to having the privacy policy exist as an RFC. But in
conversations with the IAOC and others, it seemed as though the RFC
process might have two drawbacks for this kind of document:
1) While the RFC process is commun
On 7/5/10 6:05 PM, Alissa Cooper wrote:
>
> 1) Respond on this list if you support the idea of the IETF having a
> privacy policy (a simple "+1" will do).
+1.
>
> 2) If you have comments and suggestions about the policy itself, send
> them to this list.
Our lingua franca are internet-drafts & R
--On Monday, July 05, 2010 11:40 AM -0700 Dave CROCKER
wrote:
> Marshall,
>
> On 7/5/2010 11:28 AM, Marshall Eubanks wrote:
>> I assume (for I do not know) that people are worried about
>> time involved in bringing a new RFC to publication.
>
> The IESG often states that it is not difficult t
Hi Alissa,
At 09:05 05-07-10, Alissa Cooper wrote:
A few months ago I drew up a strawman proposal for a public-facing
IETF privacy policy
(http://www.ietf.org/id/draft-cooper-privacy-policy-00.txt ). I've
submitted an update based on feedback received:
http://www.ietf.org/id/draft-cooper-priva
Marshall,
On 7/5/2010 11:28 AM, Marshall Eubanks wrote:
I assume (for I do not know) that people are worried about time involved in
bringing a new RFC to publication.
The IESG often states that it is not difficult to bring an RFC to publication.
In any event, what makes this document more urg
On Jul 5, 2010, at 2:16 PM, Dave CROCKER wrote:
On 7/5/2010 9:05 AM, Alissa Cooper wrote:
In discussing the policy with the IAOC and others, it seems clear
that the RFC
model is probably not the best model for maintaining and updating a
document
like this.
While I could imagine that
On 7/5/2010 9:05 AM, Alissa Cooper wrote:
In discussing the policy with the IAOC and others, it seems clear that the RFC
model is probably not the best model for maintaining and updating a document
like this.
While I could imagine that you are correct, the answer isn't at all clear to me.
P
--On Monday, July 05, 2010 5:05 PM +0100 Alissa Cooper
wrote:
> A few months ago I drew up a strawman proposal for a
> public-facing IETF privacy policy
> (http://www.ietf.org/id/draft-cooper-privacy-policy-00.txt).
> I've submitted an update based on feedback received:
> http://www.ietf.org/id
Alissa Cooper wrote:
1) Respond on this list if you support the idea of the IETF having a
privacy policy (a simple "+1" will do).
+1
It's time, I think.
Melinda
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
79 matches
Mail list logo
