ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Last Call: <draft-ietf-weirds-rdap-query-15.txt> (Registration Data Access Protocol Query Format) to Proposed Standard

2014-10-26 16:23:45
from [Edward Lewis] [Permanent Link] 
As far as HTML in email, I just don’t care anymore. ;)

If by “public information” you mean information that anyone can access,
then an anonymous user is explicitly permitted to be sent it.  If by
“anonymous” you mean a user without a proven identity, then any
information deemed consumable by the general public is explicitly
permitted to be sent.

Just being pedantic.

Perhaps the second sentence is redundant, but I do see a difference (which
may be moot) in placing restrictions on what is sent vs. what can be
received.

From:  Andy Newton <andy(_at_)arin(_dot_)net>
Date:  Friday, October 24, 2014 at 14:00
To:  Edward Lewis <edward(_dot_)lewis(_at_)icann(_dot_)org>, "Hollenbeck, Scott"
<shollenbeck(_at_)verisign(_dot_)com>, "ietf(_at_)ietf(_dot_)org" 
<ietf(_at_)ietf(_dot_)org>,
"iesg(_at_)ietf(_dot_)org" <iesg(_at_)ietf(_dot_)org>
Cc:  "weirds(_at_)ietf(_dot_)org" <weirds(_at_)ietf(_dot_)org>
Subject:  Re: Last Call: <draft-ietf-weirds-rdap-query-15.txt>
(Registration Data Access Protocol Query Format) to Proposed Standard



I missed this due to all the HTML in the email...



How about this?

OLD:
"Implementers need to consider the policy and privacy implications of
returning information that was not explicitly requested."

NEW:
"Implementers need to consider the policy and privacy implications of
returning information that was not explicitly requested. Clients should
only receive information that they are explicitly authorized to
receive."


AlmostŠ²Servers should only send information that clients are explicitly
authorized to receive.²

The way it is worded is impossible to "enforce."


How does this work with anonymous access to public information, which is
how this information is served today? How do I ³explicitly" authorize an
anonymous user? I think the old text above is good enough and find the
next text (both versions) to be confusing.

-andy

Attachment: smime.p7s
Description: S/MIME cryptographic signature

[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Last Call: <draft-ietf-weirds-rdap-query-15.txt> (Registration Data Access Protocol Query Format) to Proposed Standard, Andy Newton
Next by Date:  Re: Last Call: <draft-nottingham-safe-hint-05.txt> (The "safe" HTTP Preference) to Proposed Standard, joel jaeggli
Previous by Thread:  Re: Last Call: <draft-ietf-weirds-rdap-query-15.txt> (Registration Data Access Protocol Query Format) to Proposed Standard, Andy Newton
Next by Thread:  Re: Last Call: <draft-ietf-weirds-rdap-query-15.txt> (Registration Data Access Protocol Query Format) to Proposed Standard, Andy Newton
Indexes:  [Date] [Thread] [Top] [All Lists]