Dotzero wrote:
I've been following this discussion with interest and consciously
avoiding wading in.
I do have one question. Is the object of the exercise to come up with
a BCP from a technical/operations perspective or is the object of the
exercise to craft a document specifically with legal ramifications in
mind? If it is the later I'm going to have to ask which legal
jurisdiction it is being crafted for? (ok, two questions)
The intent is an operational (not protocol/technical) perspective, with
a nod to minimize or at least clarify possible legal difficulties.
As for which jurisdiction: a hypothetical alternate universe where the
law makes logical sense. If that's not an oxymoron ;-)
On a more serious vein, as it doesn't claim to be legal advise (and no
longer mentions law/legal at all), and intentionally doesn't get into
enough detail or specifics to be legal doctrine anyway. At least it
helps in having people thinking in the right direction.
You don't need to be a physicist and quote gravitational equations in
order to advise people that jumping off the empire state building has
some risk involved.
Similarly, you don't need to be a lawyer to tell a DNSBL operator whose
documentation says it lists for one specific condition _only_, that
listing someone for anything else is a bad idea and exposes them to
increased risk. I can think of one DNSBL operator who could have
benefited from that advice, and probably avoided a whole lot of trouble.
In a jurisdiction other than mine or yours.
Or that by claiming the notion that a DNSBL user is primarily
responsible for the consequences of a listing (and is also held harmless
by the CDA anyway) might make a potential plaintiff decide _not_ to sue.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/asrg