John,
It is hard, and maybe impossible, to argue against the IETF
having an established privacy policy, so I agree with Melinda's
"about time".
However, while administering such a policy (to the degree to
which such a thing is needed) is a reasonable task for the IETF
community to assign to the IAOC (or Trust), those bodies are
quite explicitly not supposed to be represent or determine
community consensus: they are administrative, administrative
only, and part of a structure erected to handle administrative
tasks.
So, while the RFC process may not be appropriate for handling a
privacy policy (I'm actually not convinced it is not, but that
is another matter), unless we are really going top-down around
here, the responsibility for determining community consensus
about such a policy for the IETF community and setting it has to
stay with the IESG. I just don't see any way to avoid that.
With no hats on, I agree with you that this should go through the consensus
process. If the IETF chooses to go forward with this or something similar, it
should get lots of review and consideration. It has the potential to have lots
on unintended consequences.
I will hold off on commenting on the proposal itself until I have read it.
Bob
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf