John, > It is hard, and maybe impossible, to argue against the IETF > having an established privacy policy, so I agree with Melinda's > "about time". > > However, while administering such a policy (to the degree to > which such a thing is needed) is a reasonable task for the IETF > community to assign to the IAOC (or Trust), those bodies are > quite explicitly not supposed to be represent or determine > community consensus: they are administrative, administrative > only, and part of a structure erected to handle administrative > tasks. > > So, while the RFC process may not be appropriate for handling a > privacy policy (I'm actually not convinced it is not, but that > is another matter), unless we are really going top-down around > here, the responsibility for determining community consensus > about such a policy for the IETF community and setting it has to > stay with the IESG. I just don't see any way to avoid that. With no hats on, I agree with you that this should go through the consensus process. If the IETF chooses to go forward with this or something similar, it should get lots of review and consideration. It has the potential to have lots on unintended consequences. I will hold off on commenting on the proposal itself until I have read it. Bob _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf