Re: [regext] Privacy and HR considerations for draft-ietf-regext-verificationcode

On 13/02/19 8:22 PM, Gould, James wrote: > > Can you provide your latest proposed section(s) on the list for consideration > by the WG? > James, thanks for bumping the thread. Everyone, thanks for the discussion. I have revised the text based on the discussion, which you can find below. I re

Re: [regext] Privacy and HR considerations for draft-ietf-regext-verificationcode

Gurshabad, Can you provide your latest proposed section(s) on the list for consideration by the WG? Thanks, — JG James Gould Distinguished Engineer jgo...@verisign.com 703-948-3271 12061 Bluemont Way Reston, VA 20190 Verisign.com On 1/2/19, 11:44 AM, "Gou

Re: [regext] Privacy and HR considerations for draft-ietf-regext-verificationcode

On Wed, 2 Jan 2019, Gould, James wrote: To remove any concerns related to the inclusion of VSP policy in draft-ietf-regext-verificationcode, the sentence " The VSP MUST store the proof of verification and the generated verification code; and MAY store the verified data." can be removed. If th

Re: [regext] Privacy and HR considerations for draft-ietf-regext-verificationcode

John, To remove any concerns related to the inclusion of VSP policy in draft-ietf-regext-verificationcode, the sentence " The VSP MUST store the proof of verification and the generated verification code; and MAY store the verified data." can be removed. If there are no objections to the remova

Re: [regext] Privacy and HR considerations for draft-ietf-regext-verificationcode

On Wed, 2 Jan 2019, Adam Roach wrote: I don't understand why.  The code is a signed token.  Imagine the registry goes back to the signer asks about token 123-foo666 and the answer is "We're the Ministry, we signed it, of course it's valid.  The details are secret." While that would not be m

Re: [regext] Privacy and HR considerations for draft-ietf-regext-verificationcode

[as an individual] On 1/2/19 12:10 PM, John R Levine wrote: The 2119 words MUST and MAY are used to signify requirements; although that does imply interoperability as well.  This statement is associated with making the verification code functional, since the verification code represents a sign

Re: [regext] Privacy and HR considerations for draft-ietf-regext-verificationcode

The 2119 words MUST and MAY are used to signify requirements; although that does imply interoperability as well. This statement is associated with making the verification code functional, since the verification code represents a signed and typed verification pointer, it must point to something

Re: [regext] Privacy and HR considerations for draft-ietf-regext-verificationcode

John, The 2119 words MUST and MAY are used to signify requirements; although that does imply interoperability as well. This statement is associated with making the verification code functional, since the verification code represents a signed and typed verification pointer, it must point to som

Re: [regext] Privacy and HR considerations for draft-ietf-regext-verificationcode

Gurshabad, For the defined purpose of draft-ietf-regext-verificationcode, the VSP needs to be defined as an entity, but the VSP's verification process is not defined and is out-of-scope. The use of examples in an IETF draft does not classify as guidance. The only obligation of the VSP within

Re: [regext] Privacy and HR considerations for draft-ietf-regext-verificationcode

Hi all, I strongly support the inclusion of text in the draft. I think the differentiations that are being made here between 'technical' and 'policy', and 'technical' and 'judicial' here are merely rhetorical. No clear definition of the either terms and/or the difference have been offered thus

Re: [regext] Privacy and HR considerations for draft-ietf-regext-verificationcode

Hello, On 12/26/18 15:32, Gould, James wrote: > Do others in the working group believe that either the verification process > of the VSP is in scope based on the current wording of the draft or that a > consideration section can cover something that is outside the defined scope > of the draft?

Re: [regext] Privacy and HR considerations for draft-ietf-regext-verificationcode

In article <41f72627-faf2-1fd4-b356-065b3cb98...@cis-india.org> you write: >"The VSP MUST store the proof of verification and the generated >verification code; and MAY store the verified data." The 2119 words MUST and MAY are about interoperation. Now that you point it out, this has nothing to do

Re: [regext] Privacy and HR considerations for draft-ietf-regext-verificationcode

On 26/12/18 8:02 PM, Gould, James wrote: > [...] The thread with Andrew Newton did not clarify the applicability of the > Privacy Considerations, but addressed two technical issues related to fixing > the described relationship of the client with the server, and fixing the > inappropriate inclus

Re: [regext] Privacy and HR considerations for draft-ietf-regext-verificationcode

In article you write: >Do others in the working group believe that either the verification process of >the VSP is in scope >based on the current wording of the draft or that a consideration section can >cover something that >is outside the defined scope of the draft? Heck, no. They have nothin

Re: [regext] Privacy and HR considerations for draft-ietf-regext-verificationcode

Gurshabad, I first need to be clear that I oppose adding both sections that you've provided to draft-ietf-regext-verificationcode. The sections that you've provided are non-technical and are associated with policy elements. The REGEXT working group has dealt with technical aspects of drafts.

Re: [regext] Privacy and HR considerations for draft-ietf-regext-verificationcode

On 20/12/18 1:01 AM, Gould, James wrote: > > Your proposed Privacy Considerations section and much of your proposed Human > Rights Considerations section focuses on the interface of the VSP, which is > out-of-scope for draft-ietf-regext-verificationcode. The scope of > draft-ietf-regext-verifi

Re: [regext] Privacy and HR considerations for draft-ietf-regext-verificationcode

Niels, By design, draft-ietf-regext-verificationcode does not define the verification process or data, which maximizes its usefulness to a wide variety of situations. In this manner, it is in keeping with other REGEXT-originated RFCs (e.g. EPP, RDAP, etc). The scope of draft-ietf-regext-ver

Re: [regext] Privacy and HR considerations for draft-ietf-regext-verificationcode

On 12/19/18 8:31 PM, Gould, James wrote: > Gurshabad, > > Your proposed Privacy Considerations section and much of your proposed Human > Rights Considerations section focuses on the interface of the VSP, which is > out-of-scope for draft-ietf-regext-verificationcode. The scope of > draft-ietf-

Re: [regext] Privacy and HR considerations for draft-ietf-regext-verificationcode

Gurshabad, Your proposed Privacy Considerations section and much of your proposed Human Rights Considerations section focuses on the interface of the VSP, which is out-of-scope for draft-ietf-regext-verificationcode. The scope of draft-ietf-regext-verificationcode is on the structure of the di

Re: [regext] Privacy and HR considerations for draft-ietf-regext-verificationcode

[as an individual] On 12/19/18 9:40 AM, Niels ten Oever wrote: On 12/19/18 4:19 PM, Andrew Newton wrote: On Wed, Dec 19, 2018 at 5:22 AM Gurshabad Grover wrote: Privacy Considerations -- The working of the described extension depends on the sharing of data of (or generat

Re: [regext] Privacy and HR considerations for draft-ietf-regext-verificationcode

On 12/19/18 6:57 PM, Andrew Newton wrote: > On Wed, Dec 19, 2018 at 12:26 PM Niels ten Oever > wrote: >> >> >> I am not quite sure I understand, are you saying an Internet standard is not >> a norm? > > No, it's a technical specification. > Open technical standards are de facto norms. That

Re: [regext] Privacy and HR considerations for draft-ietf-regext-verificationcode

On Wed, Dec 19, 2018 at 12:26 PM Niels ten Oever wrote: > > > I am not quite sure I understand, are you saying an Internet standard is not > a norm? No, it's a technical specification. >From an ethical point of view, I am not opposed to privacy or human rights considerations in IETF documents.

Re: [regext] Privacy and HR considerations for draft-ietf-regext-verificationcode

On 12/19/18 4:45 PM, Andrew Newton wrote: > On Wed, Dec 19, 2018 at 10:38 AM Niels ten Oever > wrote: >> >> >> Everything is possible without the IETF: the Internet has open standards. So >> IETF is never solely responsible for anything. But IETF is setting a norm >> and thus normalizing and

Re: [regext] Privacy and HR considerations for draft-ietf-regext-verificationcode

On Wed, Dec 19, 2018 at 10:38 AM Niels ten Oever wrote: > > > Everything is possible without the IETF: the Internet has open standards. So > IETF is never solely responsible for anything. But IETF is setting a norm and > thus normalizing and enabling this behavior. I think this is made clear in

Re: [regext] Privacy and HR considerations for draft-ietf-regext-verificationcode

On 12/19/18 4:19 PM, Andrew Newton wrote: > On Wed, Dec 19, 2018 at 5:22 AM Gurshabad Grover > wrote: >> >> >> Privacy Considerations >> -- >> The working of the described extension depends on the sharing of data of >> (or generated by) registrants with the Verification Serv

Re: [regext] Privacy and HR considerations for draft-ietf-regext-verificationcode

On 12/19/18 4:27 PM, Andrew Newton wrote: > On Wed, Dec 19, 2018 at 6:47 AM Niels ten Oever > wrote: >> >> I think the unclarity here is about the nature of causation, and more >> specifically about the priority of events. Because the exchange of private >> data between a registrar and a VSP on

Re: [regext] Privacy and HR considerations for draft-ietf-regext-verificationcode

On Wed, Dec 19, 2018 at 6:47 AM Niels ten Oever wrote: > > I think the unclarity here is about the nature of causation, and more > specifically about the priority of events. Because the exchange of private > data between a registrar and a VSP on the one hand, and the use of the > verification c

Re: [regext] Privacy and HR considerations for draft-ietf-regext-verificationcode

On Wed, Dec 19, 2018 at 5:22 AM Gurshabad Grover wrote: > > > Privacy Considerations > -- > The working of the described extension depends on the sharing of data of > (or generated by) registrants with the Verification Service Provider > (VSP), which is a third party. The speci

Re: [regext] Privacy and HR considerations for draft-ietf-regext-verificationcode

I think the unclarity here is about the nature of causation, and more specifically about the priority of events. Because the exchange of private data between a registrar and a VSP on the one hand, and the use of the verification code on the other hand, is of a necessary deterministic nature, I d

Re: [regext] Privacy and HR considerations for draft-ietf-regext-verificationcode

On 19/12/18 2:34 AM, Andrew Newton wrote: > > I thought the token was passed by the EPP client (registrar) to the > EPP server (registry), the purpose of which is to show that the > verification occurred before the transaction. > Thanks for pointing that out. A better way to phrase my concern wo

Re: [regext] Privacy and HR considerations for draft-ietf-regext-verificationcode

On Tue, Dec 18, 2018 at 4:20 PM Gould, James wrote: > > Yes, draft-ietf-regext-verificationcode defines the structure of the > verification code that is passed between the EPP client (registrar) to the > EPP server (registry) to show that the verification occurred before the EPP > transaction.

Re: [regext] Privacy and HR considerations for draft-ietf-regext-verificationcode

Andy, >I thought the token was passed by the EPP client (registrar) to the >EPP server (registry), the purpose of which is to show that the >verification occurred before the transaction. Yes, draft-ietf-regext-verificationcode defines the structure of the verification code that is pa

Re: [regext] Privacy and HR considerations for draft-ietf-regext-verificationcode

I am admittedly not as versed on EPP as others in the wg, but is this true? From your privacy text: "This document describes an extension designed to share the data of (or generated by) a registrant with the Verification Service Provider (VSP), which is a third party." The intro section of the dr

Re: [regext] Privacy and HR considerations for draft-ietf-regext-verificationcode

[as an individual] While I might quibble about some of the specifics of the proposed text, I disagree with the characterization of "unhelpful." Both proposed sections, in fact, make an attempt to be actionable. In terms of tendentiousness, one could easily say the same of pretty much any "Se

Re: [regext] Privacy and HR considerations for draft-ietf-regext-verificationcode

Having reviewed the proposed text, I would encourage the WG to ignore it. It is unhelpful, tendentious and a distraction from the WG's purpose. In the interest of not wasting any more time, this is my last message on the topic. R's, John In article <5f7d0b3e-c844-1700-c369-90bb41e82...@cis-indi