[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: evaluation: draft-ietf-crisp-requirements
Steve,
This is meant to be covered by this text:
3.1.4.1 Protocol Requirement
The protocol MUST NOT prohibit an operator from granularly assigning
multiple types of access to data according to the policies of the
operator. The protocol MUST provide an authentication mechanism and
MUST NOT prohibit an operator from granting types of access based on
authentication.
The protocol MUST provide an anonymous access mechanism that may be
turned on or off based on the policy of an operator.
Since these protocol requirements apply only to distributing
information, there is no place in it for the client to express
privacy preferences about the data (indeed, that's likely to be covered
by EPP).
regards,
Ted
At 9:25 AM -0400 6/26/03, Steve Bellovin wrote:
I think there should be some requirement that data be taggable to meet
privacy requirements. We just went through this a few months ago.
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)