[dns-privacy] Deborah Brungard's No Objection on draft-ietf-dprive-bcp-op-08: (with COMMENT)

Deborah Brungard via Datatracker <noreply@ietf.org> Wed, 05 February 2020 21:11 UTC

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Deborah Brungard via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-dprive-bcp-op@ietf.org, Tim Wicinski <tjw.ietf@gmail.com>, dprive-chairs@ietf.org, tjw.ietf@gmail.com, dns-privacy@ietf.org
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Deborah Brungard <db3546@att.com>
Message-ID: <158093707970.12775.12544642589807279004.idtracker@ietfa.amsl.com>
Date: Wed, 05 Feb 2020 13:11:19 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/cvAYHuAPjqYGdFB6FukOUvhLnqU>
Subject: [dns-privacy] Deborah Brungard's No Objection on draft-ietf-dprive-bcp-op-08: (with COMMENT)

Deborah Brungard has entered the following ballot position for
draft-ietf-dprive-bcp-op-08: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-dprive-bcp-op/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

In general, I support this document. It is good to help educate folks on what
should be included in a privacy statement, but as Alissa notes, there is no "one
size fits all". Especially if one implies a cookie cutter type of form with check
marks will be adequate to compare offerings. I don't think this is what was
intended - considering the detailed assessment on the DROP form - but
there's a couple of sentence stragglers that infer the DROP form is the form
*for all*.

Support Alissa's and Ben's Discuss.

A couple of my concerns:

5.3.3 Both Alissa (and Stephen previously) noted there is no meaningful way to obtain
explicit "consent". Considering this document is a "best practice", suggest simply
removing, and recommending as Alissa says "not share".

6.1.2 #5 agree with Alissa - this should be removed.

6.2 "We note that the existing set of policies vary widely in style,
content and detail and it is not uncommon for the full text for a
given operator to equate to more than 10 pages of moderate font sized
A4 text. It is a non-trivial task today for a user to extract a
meaningful overview of the different services on offer."

I'm not sure what this is trying to say? The purpose of this document is
to advocate for comprehensive privacy statements. As Alissa notes (2), this document
alone is not sufficient to give adequate description for a service. This sentence implies
a 10-page document is bad because it is 10 pages (yet this document's DROP example
has 5 pages requiring detailed information and lists to complete). And the last sentence
negatively prejudges a user's reading capability or specific interest. Suggest drop the last
sentence and it will remove the negativity as I don't think the DROP example is any easier
on a user to read.

[dns-privacy] Deborah Brungard's No Objection on … Deborah Brungard via Datatracker
Re: [dns-privacy] Deborah Brungard's No Objection… Sara Dickinson