Hi Ted,
At 09:53 29-05-2013, Ted Lemon wrote:
too restrained in this regard, IMHO. I would add some text to the
introduction, like this:
The DNS Resource Records described in this document have significant
privacy implications (see section 8). They were developed with the
intention to use them in [scenario a] or [scenario b] and are likely
not to be appropriate in other scenarios. In particular, they are
unlikely to be appropriate for use in DNS zones hosted on
globally-reachable servers that will answer any query without any
access control mechanism.
Here's what I would be told: Scenario a and Scenario b do not have
privacy implications as they have been reviewed by a respected
organization in Canada. I would also be told that there is an Office
of the Privacy Commissioner of Canada which is diligent [1]. I will
also be told that all this has been reviewed diligently by highly
respected people in the Internet Engineering Task Force.
I still do not plan to raise any objection on the draft.
Regards,
-sm
1. Out of context quote: "One issue being contended with by several
data protection authorities was whether or not Media Access Control
("MAC") addresses (manufacturer-assigned codes that allow devices to
speak to one another), either alone or in combination with other
information, constitute personal information. The OPC did not have
to address this question since it found, as a matter of fact, clear
examples of personal information collected among the payload data,
including complete e-mails, user names and passwords, and even
medical conditions of specified individuals. However, as in the case
of IP addresses, the question of whether or not MAC addresses
constitute personal information is highly contextual and must be
considered in conjunction with what other information is also
available to different users in different circumstances.