On Thu, Oct 21, 2010 at 02:49:56PM +0100, Jim Reid wrote:
If you don't like the current policy, you are welcome to suggest changes.
The policy does not require personal ID copies kept by the NCC.
OK, so you want to pick nits.
That's not nit picking. I just pointed out that there is a distinction between policy (what "we" decided) and implementation (what NCC made out of the policy framework 2007-01). You certainly have a point that the policy probably gives too much a card blanche about implementation to NCC, allowing NCC to be overly heavy-handed about certain aspects. Did I interprete you correctly? I'm not a lawyer, and not into dutch contract law, so I'm not really qualified what the minimum certainty level is required for NCC (but I'm sure that no gov ID is required). So my suggestion would be for NCC to explain reasoning for such drastic measures and come forward with alternatives which they deem legally sufficient. Approaches (sole and/or in combination) I can immediately think of: - use LIR as authentication proxy - dummy financial transaction (e.g. credit card charge) - challenge-response via snail mail Regards, Daniel -- CLUE-RIPE -- Jabber: dr@cluenet.de -- dr@IRCnet -- PGP: 0xA85C8AA0