[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: evaluation: draft-ietf-crisp-requirements

To: Steve Bellovin <smb@research.att.com>, iesg-secretary@ietf.org
Subject: Re: evaluation: draft-ietf-crisp-requirements
From: hardie@qualcomm.com
Date: Thu, 26 Jun 2003 08:51:57 -0700
Cc: iesg@ietf.org
In-reply-to: <20030626132508.48AEB7B4D@berkshire.research.att.com>
References: <20030626132508.48AEB7B4D@berkshire.research.att.com>

Steve,
	This is meant to be covered by this text:

3.1.4.1 Protocol Requirement

   The protocol MUST NOT prohibit an operator from granularly assigning
   multiple types of access to data according to the policies of the
   operator.  The protocol MUST provide an authentication mechanism and
   MUST NOT prohibit an operator from granting types of access based on
   authentication.

   The protocol MUST provide an anonymous access mechanism that may be
   turned on or off based on the policy of an operator.

	Since these protocol requirements apply only to distributing
information, there is no place in it for the client to express
privacy preferences about the data (indeed, that's likely to be covered
by EPP).
				regards,
					Ted


At 9:25 AM -0400 6/26/03, Steve Bellovin wrote:

I think there should be some requirement that data be taggable to meet
privacy requirements.  We just went through this a few months ago.

		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com (2nd edition of "Firewalls" book)

References:
- evaluation: draft-ietf-crisp-requirements
  - From: Steve Bellovin <smb@research.att.com>

Prev by Date: Re: Evaluation: draft-ietf-avt-mpeg4-simple - RTP Payload Format for Transport of MPEG-4 Elementary Streams to Proposed Standard
Next by Date: Re: evaluation: draft-ietf-crisp-requirements
Previous by thread: evaluation: draft-ietf-crisp-requirements
Next by thread: Re: evaluation: draft-ietf-crisp-requirements
Index(es):
- Date
- Thread