wordsmithing on description of protections for personalization data

[kaduk]

The -17 tweaked some text to now read "Implementations must support encryption to preserve the confidentiality and integrity of such Personalized Data, which may potentially contain sensitive data." which on the whole is an improvement from the previous phrasing for overall clarity. However, it does seem to have lost some meaning regarding the integrity protection of personalization data, as (if I remember correctly) some non-encryption mechanism might be used to preserve integrity of the personalization data. We may want to split the confidentiality and integrity protection guidance into separate clauses or even separate sentences to be clear about what behavior is required.

(Also, the new text uses "personalized" rather than "personalization" as is still used in the rest of the document.)

[mingpeiwk]

How about the following revision?

"Implementations must support encryption for confidentiality of such Personalization Data, which may potentially contain sensitive data. Implementations must also support mechanisms for integrity protection of such Personalization Data."

[mingpeiwk]

See PR #240

[dthaler]

Fixed in draft -18

[mingpeiwk]

Close this one for it has been reviewed in IETF 114.