ietf
[Top] [All Lists]

Re: Proposed IETF Privacy Policy for Review

2016-03-17 11:32:29
On 3/17/16 05:34, Stephane Bortzmeyer wrote:
On Wed, Mar 16, 2016 at 01:14:17PM -0500,
  Adam Roach <adam(_at_)nostrum(_dot_)com> wrote
  a message of 149 lines which said:

I certainly hope that this means to say "IETF will store hashed
versions of these passwords and does not make them available to the
public."
I don't think it is a good idea, in a policy document, to be too
specific about the technical measures we take (because they may change
often).

Sure, the level of technical detail can probably be scaled back a bit, but I think it's relevant for a privacy policy to indicate that password information is stored in an obscured form according to industry best practices.

/a