wordsmithing on description of protections for personalization data #239
Assignees
Labels
ready to close
Ready for WG chairs to verify and close
Comments
|
How about the following revision? "Implementations must support encryption for confidentiality of such Personalization Data, |
|
See PR #240 |
dthaler
added
fixed in editors copy
ready to close
|
Fixed in draft -18 |
|
Close this one for it has been reviewed in IETF 114. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The -17 tweaked some text to now read "Implementations must support encryption to preserve the confidentiality and integrity of such Personalized Data, which may potentially contain sensitive data." which on the whole is an improvement from the previous phrasing for overall clarity. However, it does seem to have lost some meaning regarding the integrity protection of personalization data, as (if I remember correctly) some non-encryption mechanism might be used to preserve integrity of the personalization data. We may want to split the confidentiality and integrity protection guidance into separate clauses or even separate sentences to be clear about what behavior is required.
(Also, the new text uses "personalized" rather than "personalization" as is still used in the rest of the document.)
The text was updated successfully, but these errors were encountered: