[Ietf-not43] -02 requirements draft
Eric A. Hall
ehall@ehsco.com
Wed, 06 Nov 2002 20:18:15 -0600
on 11/6/2002 6:42 PM Ted Hardie wrote:
> I read that as saying that the service must be able to distinguish
> between those who have a right to ask for priviledged data and those
> who do not, and I'd put "Direct Marketer" and "law enforcment"
> in two different places in that dichotomy.
The mere existence of a mechanism does not mean that anybody will provide
or honor it. In particular, the mere existence of a mechanism is unlikely
to give law enforcement personnel greater access via a catalog server
since the cache will likely only contain non-privileged information in the
first place. In the secondary case where a query is sent to the owner's
server directly, there is no way to guarantee that the credentials are
either ignored or purposefully misdirected ("law enforcement gets this set
of lies" in particular).
IOW, "privilege" is always a local consideration, and does not address the
"requirements" of the actors listed in Leslie's message. Even if those
actors do get some kind of privilege at some servers, there is no way to
require that all of the autonomous servers provide the same privilege.
--
Eric A. Hall http://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/