At 07:45 15-08-2013, The IESG wrote:
The IESG has received a request from the Reputation Services WG (repute)
to consider the following document:
- 'A Model for Reputation Reporting'
<draft-ietf-repute-model-07.txt> as Informational RFC
The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@xxxxxxxx mailing lists by 2013-08-29. Exceptionally, comments may be
The Privacy Considerations Section focuses on data in transit and
collection of data only. Section 8.1 mentions protecting the data
from "unauthorized access and viewing". That would only be
unauthorized viewing while the data is in transit.
I don't know whether people overlook this; the queries leak out
information. Information which the user might consider as private is
sent out without the person's knowledge. I suggest pushing that
discussion to the specification which defines the identity (e.g.
draft-ietf-repute-email-identifiers-08).
As a general comment I would say that the issue is less about privacy
and more about reputation. There is a saying: Tell me what you read
and I will tell you who you are.
Regards,
-sm