On 3/17/16 05:34, Stephane Bortzmeyer wrote:
On Wed, Mar 16, 2016 at 01:14:17PM -0500,
Adam Roach <adam@xxxxxxxxxxx> wrote
a message of 149 lines which said:
I certainly hope that this means to say "IETF will store hashed
versions of these passwords and does not make them available to the
public."
I don't think it is a good idea, in a policy document, to be too
specific about the technical measures we take (because they may change
often).
Sure, the level of technical detail can probably be scaled back a bit,
but I think it's relevant for a privacy policy to indicate that password
information is stored in an obscured form according to industry best
practices.
/a