
Re: Last Call: <draft-ietf-weirds-rdap-query-15.txt> (Registration Data Access Protocol Query Format) to Proposed Standard

2014-10-26 16:22:23
I missed this due to all the HTML in the email...


How about this?

OLD:
"Implementers need to consider the policy and privacy implications of
returning information that was not explicitly requested."

NEW:
"Implementers need to consider the policy and privacy implications of
returning information that was not explicitly requested. Clients should
only receive information that they are explicitly authorized to receive."

Almost... "Servers should only send information that clients are explicitly
authorized to receive."

The way it is worded is impossible to "enforce."

How does this work with anonymous access to public information, which is
how this information is served today? How do I "explicitly" authorize an
anonymous user? I think the old text above is good enough and find the
next text (both versions) to be confusing.

-andy

