ietf-asrg
[Top] [All Lists]

Re: [Asrg] draft-irtf-asrg-bcp-blacklists-00

2004-05-05 11:49:01
Hallam-Baker, Phillip wrote:

Hallam-Baker, Phillip wrote:

Barry is right about plaintifs using the BCP in littigation,
I would also expect to see the IETF drawn into littigation if
it published a BCP that endorsed collateral damage or keeping
the identity of a blacklist secret to avoid littigation.


Can you give an example of any other IETF BCP or any other IETF document used in litigation? For example was any ISP ever sued for not following guidelines in RFC 3013 (BCP 46) - "Recommended Internet Service Provider Security Services and Procedures"?


Can you think of any other instance where vexatious lawsuits
have been started so freely?

Having the law on your side does not mean that it will not cost
a huge sum to defend. The IETF cannot afford $500,000 defending
itself in an unnecessary lawsuit.


There is another BCP that has a similar problem - RFC 2148/BCP 15 -
"Deployment of the Internet White Pages Service". In particular is
starts off with the following:

"1. An organization SHOULD publish public E-mail addresses and
 other public address information about Internet users within their site."

As many of us are aware, there are numerous laws that may forbid that
(not counting the possibility of harvesting). This is why the next
paragraph of the BCP addresses that:

"2. Most countries have laws concerning publication of information about
persons. Above and beyond these, the organization SHOULD follow the
recommendations of [1]."

Section 6 expands on this in detail, with snippets like:

"Every maintainer of IWPS information should publish data according to
the national law of the country in which the local database which holds
the information resides."

THEREFORE, to resolve this issue in regards to this particular document,
it might be sufficient to include a similar section discussing the legal
issues and make it clear that the local laws of whatever country the
blacklist list operator is in, override the recommendations and that the
BCP is not meant to go against any existing law.



In any case, at this time this is a research document within the scope of the ASRG's charter.


I will still strongly advise that it be suppressed, regardless
of the contents.


See RFC 2014, section 3, first paragraph.

Yakov

--
Yakov Shafranovich / asrg <at> shaftek.org
SolidMatrix Technologies, Inc. / research <at> solidmatrix.com
"Some lies are easier to believe than the truth" (Dune)

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg