Privacy Requirements for IETF Protocols
It is the consensus of the IETF that IETF protocols be designed to
avoid privacy violations to the extent possible. This document
establishes a number of protocol design choices as Best Current
Practices for the purpose of avoiding such violations....
The IETF has long-standing principles that support strong security in
protocol design and a tradition of encouraging protocol designers to
take these principles into account. [RFC1984] articulated the view
that encryption is an important tool to protect the cofidentiality of
communications, and that as such it should be encouraged and
available to all. [RFC3365] requires that all protocols implement
strong security. [RFC3552] provides guidance about how to consider
security in protocol design and how to document security choices. In
[RFC2804], the IETF established a policy of not considering
wiretapping requirements in IETF protocols. [RFC6973] explains the
many different aspects of privacy that can be affected by Internet
protocol design and provides guidance to help designers consider
privacy in their work. This document extends the existing body of
IETF principles concerning security by articulating Best Current
Practices for avoiding egregious privacy violations and establishing
support for privacy as a principle of IETF protocol design.
These principles, old and new, should be applied when designing new
protocols, and where applicable, should be considered for updates of
existing protocols.
list."
[
ietf-privacy -- Internet Privacy Discussion List
Cheers,
- Robin Cover
--
Robin Cover
OASIS, Director of Information Services
Editor, Cover Pages and XML Daily Newslink
Email:
robin@oasis-open.org
Staff bio:
http://www.oasis-open.org/people/staff/robin-cover
Cover Pages:
http://xml.coverpages.org/
Newsletter:
http://xml.coverpages.org/newsletterArchive.html
Tel: +1 972-296-1783