- From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
- Date: Tue, 11 Mar 2014 20:05:55 +0100
- To: Joseph Lorenzo Hall <joe@cdt.org>, public-privacy@w3.org
- Message-ID: <531F5E93.10806@gmx.net>
Hi Joe,

Note that there are two different aspects:

1) A description that explains what a document author would have to consider when taking privacy into account during the design of a protocol.

2) What the process of doing privacy write-ups and reviews looks like.

RFC 6973 (and http://www.tschofenig.priv.at/w3c-privacy-guidelines.html) are about #1.

Regarding item #2 we (in the IETF/IAB) are still debating how exactly this would be done since there isn't a lot of experience out there. We had a meeting at the last IETF meeting (which was last week in London) to find out how such reviews could actually take place. There is also a document that puts more requirements (in terms of process) forward:
https://tools.ietf.org/html/draft-cooper-ietf-privacy-requirements-00

I am always uncertain whether you guys talk about #1 or #2 when you refer to RFC 6973. You seem to conflate the two aspects.

Ciao
Hannes

On 03/11/2014 04:48 PM, Joseph Lorenzo Hall wrote:
>
>
> On 3/11/14, 11:01 AM, Hannes Tschofenig wrote:
>
>> On 03/11/2014 03:03 PM, Joseph Lorenzo Hall wrote:
>>> The guidelines in RFC 6973 are in no way systematic; they are
>>> probably better characterized as a point or one-time evaluation.
>>> They are meant to be a set of considerations that IETF
>>> specifications should respond to before Area Director review, and
>>> the AD can require specification editors to include text
>>> addressing those issues.
>
>> Joe, could you explain your criticism regarding RFC 6973?
>
>> Regarding the question about when to do the review RFC 6973 does
>> not mandate a specific style. In the IETF, as you know, reviews are
>> done in all stages of the document life-cycle (not only during IESG
>> review).
>
> I didn't mean it as a critique necessarily... just a statement of the
> model of review that IETF currently supports. It seemed to be that the
> w3c process is so different that having more specific elements
> sprinkled throughout the standards process might be a good alternative.
>
> Of course, the desire to make this not a chore for PING or WG
> participants is a big part of what we can reasonably do here... which
> is why I think a two part solution may be good in the short term:
>
> 1. Have something solid in place for newly chartered activities that
> incorporates PING and privacy (trainings, privacy consideration input
> into draft charters).
>
> 2. Try and enhance or profile the 6973 guidelines for web standards
> such that we're comfortable that it will do some real good in what
> Frank talks about in the "go-live" sign-off... but that clearly must
> happen at the Working Draft stage.
>
> I'm a total noob, so please teach me where I'm being naive and we'll
> move on to do great things.
>
> best, Joe
>
Received on Tuesday, 11 March 2014 19:19:57 UTC