Paul, Thank you for the review and feedback. I provide a response to your feedback embedded below.
Thanks, -- JG James Gould Fellow Engineer jgo...@verisign.com <applewebdata://13890C55-AAE8-4BF3-A6CE-B4BA42740803/jgo...@verisign.com> 703-948-3271 12061 Bluemont Way Reston, VA 20190 Verisign.com <http://verisigninc.com/> On 9/21/23, 9:09 AM, "Paul Wouters via Datatracker" <nore...@ietf.org <mailto:nore...@ietf.org>> wrote: Caution: This email originated from outside the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Paul Wouters has entered the following ballot position for draft-ietf-regext-rdap-redacted-14: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://secure-web.cisco.com/1CpZOXr7hg-r0QI4Ih1p-azu_ECWEjDe-lsw99KyI1XlQA_jxe5Ds2N57QsooWgBWBmvNnYsBIksXNfEtjSdXhgwm-PzDOce66KZOd3OWGJO71VCNQylAlgSa2zpfJeqfihtH4I_2BcIIayPn3yIsad0nCUZ1rZEbULMhe7hzct1xE_pETXb5VN4h9gW1fGqS26GlZ9M1n1RZWZpATLrHhlsLNc8TcWpDLQq9IdWbJVvkdxPNOFWcAgGEcRzHY8dwEJDVIk1lF1t-3n9hTZT-mx7pb15v3rNmnzkvW9UZe_s/https%3A%2F%2Fwww.ietf.org%2Fabout%2Fgroups%2Fiesg%2Fstatements%2Fhandling-ballot-positions%2F <https://secure-web.cisco.com/1CpZOXr7hg-r0QI4Ih1p-azu_ECWEjDe-lsw99KyI1XlQA_jxe5Ds2N57QsooWgBWBmvNnYsBIksXNfEtjSdXhgwm-PzDOce66KZOd3OWGJO71VCNQylAlgSa2zpfJeqfihtH4I_2BcIIayPn3yIsad0nCUZ1rZEbULMhe7hzct1xE_pETXb5VN4h9gW1fGqS26GlZ9M1n1RZWZpATLrHhlsLNc8TcWpDLQq9IdWbJVvkdxPNOFWcAgGEcRzHY8dwEJDVIk1lF1t-3n9hTZT-mx7pb15v3rNmnzkvW9UZe_s/https%3A%2F%2Fwww.ietf.org%2Fabout%2Fgroups%2Fiesg%2Fstatements%2Fhandling-ballot-positions%2F> for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://secure-web.cisco.com/1KHuATKZeiVMS7j94WPyCRRGjzAXCbMeADXRRhlEoJ8wMVAWsKkmn0I9iLSwg19tt71Rn9h_ECDuoaCHBLtzYcCmhqY-sC1Jwq_chAkxAAcCuVI9Uv7kctsr4KnbFLcXSOH918pRDN_5q_wrjQJM0YHinXhLJcROuZLtTy0HGH1sPeRN8zIEkWcL0NSEUG31UxqtVLqnJWLvQROIA6DltfAqaFgX2fPr5hDU8-oM9sM9Mb0hiyKu46t6RR3IxuNMELsbJi5UXmicy3eYbz9soCxO8BLotcpcNdJnCH2jnpag/https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-regext-rdap-redacted%2F <https://secure-web.cisco.com/1KHuATKZeiVMS7j94WPyCRRGjzAXCbMeADXRRhlEoJ8wMVAWsKkmn0I9iLSwg19tt71Rn9h_ECDuoaCHBLtzYcCmhqY-sC1Jwq_chAkxAAcCuVI9Uv7kctsr4KnbFLcXSOH918pRDN_5q_wrjQJM0YHinXhLJcROuZLtTy0HGH1sPeRN8zIEkWcL0NSEUG31UxqtVLqnJWLvQROIA6DltfAqaFgX2fPr5hDU8-oM9sM9Mb0hiyKu46t6RR3IxuNMELsbJi5UXmicy3eYbz9soCxO8BLotcpcNdJnCH2jnpag/https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-regext-rdap-redacted%2F> ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- The Security Considerations states: Servers MAY exclude the redacted members for RDAP fields that are considered a privacy issue in providing a data existence signal. This really seems like a 5th method of Redaction that should have its own entry in Section 3. Or alternatively, should be documented in the 3.1 Section. (as in, this is not a security consideration, but an explicit feature) JG - This language is associated with the exclusion of the redacted member in the redacted extension due to privacy concerns with providing a signal of the existence of redacted data. The data in the response has been redacted according to one of the methods in Section 3, but providing the signal that it has been redacted via the redacted extension may cause leakage of privacy information by the server. The potential of leaking privacy information by the server based on redacted members being returned in the redacted extension is the reason it's contained in the security considerations, and it doesn't change how data itself is redacted, so it's not applicable for Section 3. ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Since Section 3 extensively uses terminology from Section 4, I think it makes more sense to change the order of these two sections. JG - I believe it's best to describe the methods of redaction first prior to describing how to signal the redaction methods in the extension; otherwise, the extension will jump directly into the protocol prior to setting the context for the inclusion of the extension. _______________________________________________ regext mailing list regext@ietf.org https://www.ietf.org/mailman/listinfo/regext
