Roman Danyliw has entered the following ballot position for
draft-ietf-regext-rdap-redacted-14: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to 
https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ 
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-regext-rdap-redacted/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thank you to Hilarie Orman for the SECDIR review.

** Section 3.
   Redaction in RDAP can be handled in multiple ways.  The resulting
   redacted RDAP response MUST comply with the RDAP RFCs, such as
   [RFC9083].

This language of “comply with the RDAP RFCs” seems too imprecise given the
normative MUST.  Is there a way to be more precise?  Could this be scoped to
“RFC9083 and updates”?

** Section 8.
   Servers MAY exclude the redacted members for RDAP fields that are
   considered a privacy issue in providing a data existence signal.

Could this please be expanded upon?  Is this practically saying if the fields
are “sufficiently privacy sensitive” (where the existence of the data must not
be revealed), then ignore the redaction mechanism in this draft?

** The SECDIR review thread
(https://mailarchive.ietf.org/arch/msg/secdir/lqQBoljsw6aP2bgiVQOMzHBKpWU/)
suggested additional language around a published redaction policy.  Recognizing
the operational details noted in
https://mailarchive.ietf.org/arch/msg/secdir/f3--V4Wfzk_m6cBGQCj-FTldRFM/, I
would recommend adding an Operational Considerations section saying something
to the effect of:

NEW (rough text)
Operational Considerations

RDAP server operators MAY choose to publish a redaction policy describing how
this extension is implemented for their constituency.  The contents of such a
policy are outside the scope of this specification.



_______________________________________________
regext mailing list
regext@ietf.org
https://www.ietf.org/mailman/listinfo/regext
