Re: resolution of IESG comments for draft-ietf-mtgvenue-iaoc-venue-selection-process-15

Russ Housley <housley@xxxxxxxxxxxx> · Tue, 12 Jun 2018 17:22:33 -0400

On Jun 12, 2018, at 1:20 PM, Eliot Lear <lear@xxxxxxxxx> wrote:

  Hi Russ,

            7.  Privacy Considerations

                 Different places have different constraints on
              individual privacy.

                 The requirements in this memo are intended to provide
              for some

                 limited protections. 

      I do not think that the memo itself provides any
        privacy protections.  Rather, the IAOC process described in the
        memo takes individual privacy as one factor in venue selection.

    Perhaps this goes to the AD's comment a bit more, but the only real
    privacy protections involve how the network is managed, and that is
    a requirement, not a process.

Here is the whole section, which is a single paragraph:

    7.  Privacy Considerations

   Different places have different constraints on individual privacy.
   The requirements in this memo are intended to provide for some
   limited protections that attendees can apply.  As meetings are
   announced, IASA SHALL inform the IETF of any limitations to privacy
   they have become aware of in their investigations.  For example,
   participants would be informed of any regulatory authentication or
   logging requirements.  This note reveals no personally identifying
   information apart from its authorship.

I do not understand the use of "attendees can apply" in the second sentence.  I think the requirements in this memo set some expectations, and then the next few sentence say that the IAOC shall tell the community about anything that is out of the norm.  But it does not really say that.

I do not understand the last sentence.  This note reveals email addresses of the authors.  I think the last sentence should be removed or it should become an additional paragraph with more explanation.

Russ