Roman Danyliw has entered the following ballot position for draft-ietf-regext-rdap-redacted-14: No Objection
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-regext-rdap-redacted/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thank you to Hilarie Orman for the SECDIR review. ** Section 3. Redaction in RDAP can be handled in multiple ways. The resulting redacted RDAP response MUST comply with the RDAP RFCs, such as [RFC9083]. This language of “comply with the RDAP RFCs” seems to too imprecise given the normative MUST. Is there a way to be more precise? Could this be scoped to “RFC9083 and updates”? ** Section 8. Servers MAY exclude the redacted members for RDAP fields that are considered a privacy issue in providing a data existence signal. Could this please be expanded upon? Is this practically saying if the fields are “sufficiently privacy sensitive” (where the existence of the data must not be revealed then) ignore the redaction mechanism in this draft? ** The SECDIR review thread (https://mailarchive.ietf.org/arch/msg/secdir/lqQBoljsw6aP2bgiVQOMzHBKpWU/) suggested additional language around a published redaction policy. Recognizing the operational details noted in https://mailarchive.ietf.org/arch/msg/secdir/f3--V4Wfzk_m6cBGQCj-FTldRFM/, I would recommend adding an Operational Consideration sections saying something to the effect of: NEW (rough text) Operational Considerations RDAP server operators MAY choose to publish a redaction policy describing how this extension is implemented for their constituency. The contents of such a policy are outside the scope of this specification. _______________________________________________ regext mailing list regext@ietf.org https://www.ietf.org/mailman/listinfo/regext
