IETF Logo Mail Archive

Re: [regext] Privacy and HR considerations for draft-ietf-regext-verificationcode

Andrew Newton <andy@hxr.us> Wed, 19 December 2018 15:28 UTC

Return-Path: <andy@hxr.us>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1736F12008F for <regext@ietfa.amsl.com>; Wed, 19 Dec 2018 07:28:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=hxr-us.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RUYcW1gqDjLB for <regext@ietfa.amsl.com>; Wed, 19 Dec 2018 07:28:52 -0800 (PST)
Received: from mail-it1-x12e.google.com (mail-it1-x12e.google.com [IPv6:2607:f8b0:4864:20::12e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AAC9F124D68 for <regext@ietf.org>; Wed, 19 Dec 2018 07:28:52 -0800 (PST)
Received: by mail-it1-x12e.google.com with SMTP id g85so10222915ita.3 for <regext@ietf.org>; Wed, 19 Dec 2018 07:28:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hxr-us.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=2BDZyMGgZ//qtg/OPys01UbV3tkLxDEoczSSFT5JNNQ=; b=ThfydWpecGaDvFTIZNygEwycto9koypXFMWhn4EHc072fFR4CIkObaS6jvnNw/8mB9 nk4TEgA8/9fHDmwtmw1v2yW5bMAMajf6PCOPB/1121kVqxpLUYB1tWdO20iG5KaitvuG dbwGNDHF0bIzJu4EQzj1IxiVhgAW/nOOzAtk+Vim4OB89zgT48iZT17AUdU6qPGEWlc0 o7GNL7rC/HQk1vd51J7W3FR+TrXAMWxAacRM0IE/UhPLIsMlhfV3E8LVOjhqHH+3Hr2r tpMtwicMQMNa1i/IyDWi94GFEV0RJFPN4p37cW2U62x1ReRwvHl2IoVNlX5LEdGiqb6p jhRA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=2BDZyMGgZ//qtg/OPys01UbV3tkLxDEoczSSFT5JNNQ=; b=EaXJuKU+/vbzKyMJDVZL2B3w3MiEdhtZTWNZ5/8CnznOY1RP4CR2MDb3Bw3WPqaXVb HY3poxIEDBir+dPAfUw3tRm4i/0QcpRXxzEZeSgGdT5Ddj7jF+x6WTaZDeLptDoRSPTY mR0T5LD3in9Fnh1S4aE6JmA9b3frLG5zM2vReh6l00piMPAk55QzDnWqL0EsKEkgrW3S YC1WBMUZ8rEjAQlLmHHWxSiI8gXxEnShGR3vMqICrUUkCzhLVg3+m/rjAFWrhHTIuLwa svkPIz9TSy/BRbUbYkefglLOrMaXavzHCv0+h97ZR+qrsaWs5nCve9dWyCHbKzZ46r3D SH4A==
X-Gm-Message-State: AA+aEWZmLFXHavdrehajj8VuBDBbXT2PmcqybEclv7DCDizfdkiNfoQ2 3/Ubob40Q9ekudpaQ/q3v5s7t+55Q3R44H8D1lbgFu8x
X-Google-Smtp-Source: AFSGD/Wdjrk1nxPPgAidQ9pfBKzrhtBFL+nTIKDoMsxycn97MKsUPMhC+9Df8x+JO6uD4TyGWR/09jvkSdaP+3t0G6k=
X-Received: by 2002:a24:c9c6:: with SMTP id h189mr7363047itg.175.1545233332016; Wed, 19 Dec 2018 07:28:52 -0800 (PST)
MIME-Version: 1.0
References: <5f7d0b3e-c844-1700-c369-90bb41e8241e@cis-india.org> <CAAQiQReVnuwFBCA2vOwnwaUw8k+1TCK-5DO+KLsd=CWF3Lh8Cg@mail.gmail.com> <FD1E789E-8B3B-41D3-8DA3-57056DBC437E@verisign.com> <CAAQiQRf-sq52ypDpyKQ9TUQiTiR0o5H-1RAaOyjf20YwphStyg@mail.gmail.com> <bfaed3fe-6f3b-75c3-e343-297cbe7130f7@digitaldissidents.org>
In-Reply-To: <bfaed3fe-6f3b-75c3-e343-297cbe7130f7@digitaldissidents.org>
From: Andrew Newton <andy@hxr.us>
Date: Wed, 19 Dec 2018 10:27:56 -0500
Message-ID: <CAAQiQRew=goq7CXfXjw+nEsnLpqmkCtPOtpcTerahb3YFrc1mA@mail.gmail.com>
To: lists@digitaldissidents.org
Cc: Registration Protocols Extensions <regext@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/67J05154vYj_FTj8TN49VFCmQ3s>
Subject: Re: [regext] Privacy and HR considerations for draft-ietf-regext-verificationcode
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Dec 2018 15:28:54 -0000

On Wed, Dec 19, 2018 at 6:47 AM Niels ten Oever
<lists@digitaldissidents.org> wrote:
>
> I think the unclarity here is about the nature of causation, and more specifically about the priority of events. Because the exchange of private data between a registrar and a VSP on the one hand, and the use of the verification code on the other hand, is of a necessary deterministic nature, I do think the considerations are applicable.

Then the text should say that. As it stands, the current text makes it
sound like the IETF is enabling some new method for human rights abuse
that otherwise would not be available to an abusive authority, and
that is absolutely not true. In fact, the text should be clearer on
the point that this mechanism does not give an abusive authority any
more leverage to violate human rights than they already posses.

-andy

v2.23.0 | Report a Bug | By Email