Provisioning Registry Protocol (provreg)

Edward Lewis | 2 Jan 2003 21:50

Re: Updated (and hopefully the last) EPP Privacy Proposal

At 13:31 -0500 12/30/02, Joe Abley wrote:
>It might be worth mentioning that neither of these proposals touch the
>base EPP spec. I don't see how privacy concerns should stop the base EPP
>spec from proceeding, when it seems clear that their scope is limited to
>the object binding specifications which deal with data.

The crudest answer to this is that the IESG won't permit the 
documents to progress without addressing privacy concerns - whether 
or not the proposed solutions touch the base spec.  That is why we 
must address the problem.

--

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                          +1-703-227-9854
ARIN Research Engineer

Edward Lewis | 7 Jan 2003 20:40

privacy

Over the past few weeks the primary concern of the WG has been 
preparing an answer to the IESG comments.  The one sticking point has 
been the comment to provide privacy information at a more granular 
level that we now provide.

There was a meeting of the IESG members involved, your chairs, and 
Scott to review the state of the issue last month.  The outcome of 
that phone call was sent by Scott to the list.  I've seen responses 
from just two folks publicly and one privately.  I've been hoping for 
more - and more positive responses.

First I want to make it clear that Scott isn't pushing this issue 
back on to the table because we wants to.  This is an issue on which 
we are getting feedback from the IESG, and they hold sway over our 
documents, as in they have the final word.  They are reasonable 
folks, but they do hold the final word.

I promised Scott that I'd wait until today to let folks that have 
been out of the office over the past two weeks (plus a day to 
download all the pending mail) before prompting the group another 
time to consider this issue.

The crux of the issue is, there are situations in which a registrar 
may wish to alter the default privacy considerations for data when 
interacting with a registry.  Not all registrar-registry environments 
will need this flexibility, but there is a claim that some exist.  (I 
have no personal, first-hand knowledge of any such environments.)

How can we accomodate such environments?  That is the basic question.

(Continue reading)

Rick Wesson | 7 Jan 2003 22:43

Re: privacy

Ed,

I have some thoughts on this. I prefered the capability in scott's second
to the last proposal [1] -- I also have an issue with the IESG deciding
what in the most appropiate methodology.

finally I would appreciate it if the IESG would post these discussion to
the public list as private discussions are just that, private. Since we
are discussing the privacy of end-users information (that will eventually
be published in whois) it seems silly that we are not involved in the
discussion and decision process on this topic.

Lets put the proposal [1] back on the table and if the IESG has an issue
with it lets here from the IESG in this wg, not through our
DOCUMENT-EDITOR or the CHAIR but involve those members of the IESG that
have a problem with it.

-rick

[1] http://www.cafax.se/ietf-provreg/maillist/2002-12/msg00093.html

On Tue, 7 Jan 2003, Edward Lewis wrote:

> Over the past few weeks the primary concern of the WG has been
> preparing an answer to the IESG comments.  The one sticking point has
> been the comment to provide privacy information at a more granular
> level that we now provide.
>
> There was a meeting of the IESG members involved, your chairs, and

(Continue reading)

Edward Lewis | 7 Jan 2003 23:04

Re: privacy

Note that I cut off the IESG from the reply - this isn't something to 
clutter them up with.

In as mush as I appreciate where Rick's coming from, I'd just like to 
solve the problem at hand, the privacy issue.  Issues concerning the 
IESG interface (I admit that there are some in general) are being 
discussed elsewhere, i.e.:
    (problem-statement-request <at> alvestrand.no for subscriptions to that).

It's not that I don't want to hear about IESG interface problem - 
even though I really don't - it's that I don't want to hear about 
that issue here.  If you get my drift.

Okay, but I did say that we are stuck because the IESG has said we 
have to address their concerns.  I meant this to be the reason why 
Scott has had the unenviable task of raising once again the privacy 
issue.  I did not mean this to be a complaint about the IESG 
stonewalling us.  If the WG has sufficient reason for us to not 
address an IESG comment, we need to build a case for that.  It's not 
like the IESG can't change their mind about an issue.

As far as the privacy issue discussion, everything that was discussed 
between "us" has been posted to the provreg list.  BTW, the entire 
call was on clarifying the comments on privacy (which are on the mail 
list archive site).  No document modifying "decisions" or even 
suggestions were made.

Let me ask this of the WG group:

Is there a reason not to add more granularity to the privacy specification?

(Continue reading)

Patrik Fältström | 7 Jan 2003 23:28

Picon

Re: privacy

On tisdag, jan 7, 2003, at 22:43 Europe/Stockholm, Rick Wesson wrote:

> I have some thoughts on this. I prefered the capability in scott's 
> second
> to the last proposal [1] -- I also have an issue with the IESG deciding
> what in the most appropiate methodology.

What IESG want is _some_ mandatory to implement mechanism which makes 
it possible for the registrar to say to the registry "Do not disclose 
this attribute to a third party". If the wg want to have the mandatory 
to implement mechanism more powerful than that, fine. What is not ok is 
the protocol not having any mandatory to implement privacy mechanism in 
it, only extensions.

> finally I would appreciate it if the IESG would post these discussion 
> to
> the public list as private discussions are just that, private.

The issues IESG has are posted on the I-D tracker, and it is up to the 
editor and wg chair (and that way the wg) how to resolve the issues. 
What we as IESG members have got are suggestions on solutions, and we 
have (as far as I remember) said yes to all proposals.

What we have heard back from wg chairs etc is that they have got 
private messages back from wg members which have issues with the 
proposals, issues with privacy being mandatory _at_all_. They have 
checked with IESG whether things really need to be mandatory, and the 
answer is yes.

What is the difference between what you here point to, and what Scott

(Continue reading)

McGarry, Tom | 8 Jan 2003 00:12

RE: privacy

I don't think you've explained why the IESG wants this to be mandatory?  (If
you have, I apologize, can you repeat it or point us to it?)

-----Original Message-----
From: Patrik Fältström [mailto:paf <at> cisco.com]
Sent: Tuesday, January 07, 2003 5:29 PM
To: Rick Wesson
Cc: Edward Lewis; 'ietf-provreg <at> cafax.se'; iesg <at> ietf.org; rick <at> ar.com
Subject: Re: privacy

On tisdag, jan 7, 2003, at 22:43 Europe/Stockholm, Rick Wesson wrote:

> I have some thoughts on this. I prefered the capability in scott's 
> second
> to the last proposal [1] -- I also have an issue with the IESG deciding
> what in the most appropiate methodology.

What IESG want is _some_ mandatory to implement mechanism which makes 
it possible for the registrar to say to the registry "Do not disclose 
this attribute to a third party". If the wg want to have the mandatory 
to implement mechanism more powerful than that, fine. What is not ok is 
the protocol not having any mandatory to implement privacy mechanism in 
it, only extensions.

> finally I would appreciate it if the IESG would post these discussion 
> to
> the public list as private discussions are just that, private.

The issues IESG has are posted on the I-D tracker, and it is up to the 
editor and wg chair (and that way the wg) how to resolve the issues.

(Continue reading)

Hollenbeck, Scott | 8 Jan 2003 13:17

Picon

RE: privacy

> The crux of the issue is, there are situations in which a registrar 
> may wish to alter the default privacy considerations for data when 
> interacting with a registry.  Not all registrar-registry environments 
> will need this flexibility, but there is a claim that some exist.  (I 
> have no personal, first-hand knowledge of any such environments.)
> 
> How can we accomodate such environments?  That is the basic question.

FWIW the attribute-based proposal is the one most closely aligned with
"standard" XML practice, if such a thing exists.  XML attributes are
typically used to describe the data contained within an element, and that's
what's being proposed.

The other proposal I floated (the <doNotDisclose> proposal) could also work,
but it means carrying the same element data twice: once in the "normal"
place and a second time to mark it.  I can understand why some of the folks
who've been doing implementations might find it easier to incorporate into
current code, but I don't think it's the best architectural solution.

Just my two cents...

-Scott-

Joe Abley | 8 Jan 2003 17:15

Re: privacy

On Wednesday, Jan 8, 2003, at 07:17 Canada/Eastern, Hollenbeck, Scott 
wrote:

>> The crux of the issue is, there are situations in which a registrar
>> may wish to alter the default privacy considerations for data when
>> interacting with a registry.  Not all registrar-registry environments
>> will need this flexibility, but there is a claim that some exist.  (I
>> have no personal, first-hand knowledge of any such environments.)
>>
>> How can we accomodate such environments?  That is the basic question.
>
> FWIW the attribute-based proposal is the one most closely aligned with
> "standard" XML practice, if such a thing exists.  XML attributes are
> typically used to describe the data contained within an element, and 
> that's
> what's being proposed.

Would it be possible to hear the set of requirements to which the 
attribute solution forms an acceptable solution?

I suspect that the requirements need work (or at least they need input 
based on real-life registry policy, as opposed to policy assumed by the 
IESG).

As Rick mentioned, if the IESG could raise their concerns on this list 
it would be a lot easier to understand where they are coming from.

Joe

(Continue reading)

Rick Wesson | 8 Jan 2003 17:29

Re: privacy


Randy,

> > I have some thoughts on this. I prefered the capability in scott's second
> > to the last proposal [1] -- I also have an issue with the IESG deciding
> > what in the most appropiate methodology.
>
> the iesg members specifically said we did not want to decide the method,
> though some decades of programming practice does suggest one.  what we
> do care is that there is a mechanism which may be invoked by policy.

would you please discuss your rationale in the light that all gTLD
registrations will also be published in the whois negating any utility of
your requirement.

furthermore, since gTLD registries and registrars (the primary users of
this work product) are required by contract to publicly publish this
information, the paries using this privacy enhanced protocol would be
exposed to a serious liability concern as registrants expect information to
be private but contracts require it be published.

IMHO, privacy needs to be addressed in a superset of the protocols (epp,
crisp, whois) and a specific group tasked with that job; requesting
prov-reg to preform this task appears to be short sighted knee-jerk
reaction.

I'd appreciate it if you either enlighten us with more detail or
politely back off.

-rick

(Continue reading)

Stephane Bortzmeyer | 8 Jan 2003 17:50

Picon

Re: privacy

On Wed, Jan 08, 2003 at 08:29:29AM -0800,
 Rick Wesson <wessorh <at> ar.com> wrote 
 a message of 32 lines which said:

> IMHO, privacy needs to be addressed in a superset of the protocols (epp,
> crisp, whois) and a specific group tasked with that job; 

This is very reasonable (sorry for the fine members of the Provreg
group but last-minute attempts to solve a problem as large as the
privacy policies in a few lines of patch to the I-D are quite
laughable).

But such a group already exists: W3C's P3P group. P3P can be used for
more than Web sites and they are willing to do what it needs to extend
their framework to registry privacy policies.

Group

gmane.ietf.provreg.

Search Archive

Page

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9

Articles in period: 87

January 2003

Language

Change language

Options

Current view: Threads only / Showing only 20 lines / Not hiding cited text.
Change to All messages, whole messages, or hide cited text.

Post a message
NNTP Newsgroup
Classic Gmane web interface
XML

XML

RSS Feed
List Information

About Gmane

Recent entries

Launch Phase EPP Extension Version 11 (17 May 2013)
gtld-tech mailing list (17 May 2013)
Custom phases with claims (16 May 2013)
Path to standard? (11 May 2013)
Launchphase and (10 May 2013)
Implementation of EPP AuthInfo (9 May 2013)
Launch EPP SDK 2.1.0.0 Preview (8 May 2013)
Implementation of EPP AuthInfo (7 May 2013)
Implementation of EPP AuthInfo (7 May 2013)
Implementation of EPP AuthInfo (7 May 2013)
New Version Notification for draft-obispo-epp-idn-03.txt (6 May 2013)
Launch Phase EPP Extension Version 10 (1 May 2013)
Biggest Fake Conference in Computer Science (27 Apr 2013)
Review of draft-lozano-tmch-func-spec-05 (23 Apr 2013)
comments on draft-tan-epp-launchphase-09 (22 Apr 2013)
Fwd: New Version Notification for draft-obispo-epp-idn-02.txt (21 Apr 2013)
Launch Phase EPP Extension Version 09 (17 Apr 2013)
Launch: check command use beyond claims (9 Apr 2013)
Launch: availability and claims information (9 Apr 2013)
Recombining the claims1 and claims2 phases to the claims phase in draf (8 Apr 2013)
Fwd: New Version Notification for draft-gieben-epp-keyrelay-02.txt (3 Apr 2013)

Archives

29	May 2013
61	April 2013
44	March 2013
27	February 2013
42	January 2013
72	December 2012
7	November 2012
16	October 2012
6	September 2012
73	August 2012
1	July 2012
2	May 2012
39	April 2012
82	March 2012
26	February 2012
161	January 2012
35	December 2011
8	November 2011
27	October 2011
17	July 2011
64	June 2011
20	May 2011
19	April 2011
3	March 2011
1	December 2010
9	September 2010
4	August 2010
3	July 2010
7	June 2010
2	May 2010
15	March 2010
48	February 2010
108	January 2010
16	December 2009
35	November 2009
34	October 2009
1	September 2009
11	August 2009
8	July 2009
33	April 2009
30	December 2008
5	October 2008
6	September 2008
4	April 2008
2	March 2008
5	January 2008
3	December 2007
13	October 2007
16	June 2007
1	May 2007
36	April 2007
7	March 2007
19	January 2007
9	December 2006
11	November 2006
4	October 2006
2	September 2006
15	August 2006
28	July 2006
32	June 2006
4	May 2006
5	April 2006
18	February 2006
5	November 2005
52	October 2005
30	September 2005
68	August 2005
27	July 2005
2	June 2005
1	April 2005
1	February 2005
7	November 2004
20	September 2004
2	August 2004
3	July 2004
1	June 2004
4	May 2004
24	April 2004
16	March 2004
10	January 2004
24	December 2003
7	November 2003
7	October 2003
4	September 2003
2	August 2003
15	July 2003
10	June 2003
28	May 2003
132	April 2003
135	March 2003
37	February 2003
87	January 2003
106	December 2002
95	November 2002
121	October 2002
68	September 2002
114	August 2002
87	July 2002
47	June 2002
21	May 2002
25	April 2002

Design

Zawodny | Right Menu | Left Menu

Your Own Design

Paste the URL of your CSS below. Download CSS template