[Ietf-not43] Suggestions of changes to the requirements document

[Jaap Akkerhuis]

    So you should simply omit private fields from answers, rather than
    substituting them with a warning message such as "<private>", as per
    my proposal? Personally, I think that there should be an explicit and
    standard "<private>" answer, because it will allow the user (and the
    maintainer of the service) to tell between incomplete or missing
    answers that happen because the rest of the data are private, and
    incomplete or missing answers that happen because of a bug in the
    implementation, a fault, or a problem in the data base. Otherwise you
    may risk that users try again and again to submit queries that do not
    receive complete answers due to privacy settings, because they think
    they were incomplete due to a temporary fault.
    

What the answer is on such "private" fields is policy as well. In
the Dutch registry some opt-out fields are silently replaced by
other information. Contact data for registrants, when opted-out is
replaced by contact data of the registrar. The assumption is here
that if there are really urgent matters why the registrant needs
to be contact, the registrar is the most likely one to know. Otjer
registries are likely to have other policies. Just flagging "opted
out" or somethong like that is just one option.

	jaap