On Wed, Dec 19, 2018 at 5:22 AM Gurshabad Grover <gursha...@cis-india.org> wrote:
>
> Privacy Considerations
> ----------------------
> The working of the described extension depends on the sharing of data of
> (or generated by) registrants with the Verification Service Provider
> (VSP), which is a third party. The specification leaves the scope of
> information shared with and stored by the VSP up to the policies of the
> locality. There may be no mechanisms for registrants to express
> preference for what information should be shared with the VSP, in which
> case, registrants' sensitive personal information directly linked to the
> identities of the individual, such as contained in the contact mapping
> object, may be exposed to the VSP without user control. This personal
> information may be further correlated with other data sources available
> to the VSP.
>
> If a client seeks to implement or offer this extension, it MUST inform
> the registrant about the exact information to be shared with the VSP.
>

I disagree with the MUST. What the registrant is informed of or not is
entirely a policy matter and not up to the IETF. At best, this should be a
lowercase "should".

-andy