On Sat, Jul 24, 2010 at 06:30:24AM +0200, Dave CROCKER wrote: > We should stop talking about this topic as if we were lawyers and start > talking as if we cared about how agents of the IETF handle sensitive > information. That is what I understand the practical purpose of a > privacy policy to be. I'm about to exceed my self-imposed rate limit, so I'll not respond again in this thread, but I half agree with the above. If what we want is a statement of principles about what things the IETF considers private and not private in the context of IETF interactions, I think that's reasonable. I understood his remarks as meaning that this was also what Bob Hinden wanted (in his comments on the I-D in question). I don't think that's a privacy policy, however, even if I might think it a good idea. A privacy policy is normally something like what's in the I-D: it specifies what the parties will do and will not do. It sometimes even specifies what happens when the policy is violated. It is (or ought to be, if useful) quite specific. I haven't yet seen an argument that convinces me that such a policy is something the IETF should have, given that "the IETF" is a sort of hydra in which different policies might apply depending on the head with which one interacted. A -- Andrew Sullivan ajs@xxxxxxxxxxxx Shinkuro, Inc. _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf