ietf
[Top] [All Lists]

Re: IETF privacy policy - still a bad idea

2010-07-23 23:42:28
On Sat, Jul 24, 2010 at 06:30:24AM +0200, Dave CROCKER wrote:
We should stop talking about this topic as if we were lawyers and start 
talking as if we cared about how agents of the IETF handle sensitive 
information.  That is what I understand the practical purpose of a 
privacy policy to be.

I'm about to exceed my self-imposed rate limit, so I'll not respond
again in this thread, but I half agree with the above.

If what we want is a statement of principles about what things the
IETF considers private and not private in the context of IETF
interactions, I think that's reasonable.  I understood his remarks as
meaning that this was also what Bob Hinden wanted (in his comments
on the I-D in question).  I don't think that's a privacy policy,
however, even if I might think it a good idea.

A privacy policy is normally something like what's in the I-D: it
specifies what the parties will do and will not do.  It sometimes even
specifies what happens when the policy is violated.  It is (or ought
to be, if useful) quite specific.  I haven't yet seen an argument that
convinces me that such a policy is something the IETF should have,
given that "the IETF" is a sort of hydra in which different policies
might apply depending on the head with which one interacted.

A

-- 
Andrew Sullivan
ajs(_at_)shinkuro(_dot_)com
Shinkuro, Inc.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf