Re: [apps-discuss] Alissa Cooper's Discuss on draft-ietf-appsawg-sieve-duplicate-07: (with DISCUSS and COMMENT)
Stephan Bosch <stephan@rename-it.nl> Thu, 26 June 2014 08:10 UTC
Return-Path: <stephan@rename-it.nl>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A21071B2AF1; Thu, 26 Jun 2014 01:10:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.456
X-Spam-Level:
X-Spam-Status: No, score=-0.456 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_NL=0.55, HOST_EQ_NL=1.545, RP_MATCHES_RCVD=-0.651] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tv-6N94rcsKP; Thu, 26 Jun 2014 01:10:22 -0700 (PDT)
Received: from drpepper.rename-it.nl (drpepper.rename-it.nl [217.119.238.16]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 09D9D1B2AFF; Thu, 26 Jun 2014 01:10:20 -0700 (PDT)
Received: from klara.student.utwente.nl ([130.89.162.218]:59743 helo=[10.168.3.2]) by drpepper.rename-it.nl with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.72) (envelope-from <stephan@rename-it.nl>) id 1X04ky-0000HL-3X; Thu, 26 Jun 2014 10:10:09 +0200
Message-ID: <53ABD51C.4010408@rename-it.nl>
Date: Thu, 26 Jun 2014 10:09:00 +0200
From: Stephan Bosch <stephan@rename-it.nl>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Alissa Cooper <alissa@cooperw.in>
References: <20140620004041.5801.22430.idtracker@ietfa.amsl.com> <53A3E7EB.1030604@rename-it.nl> <CFCDF85C.42C1C%alissa@cooperw.in> <53A9E736.9080709@rename-it.nl> <01P9EFAYDH680049PU@mauve.mrochek.com> <53AA7206.7040905@rename-it.nl> <01P9EV40R78G0049PU@mauve.mrochek.com> <CFD06967.43175%alissa@cooperw.in>
In-Reply-To: <CFD06967.43175%alissa@cooperw.in>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-RenameIT-MailScanner-SpamScore: -2.3 (--)
X-RenameIT-MailScanner-SpamCheck: No, score=-2.3 required=5.0 tests=ALL_TRUSTED, BAYES_00 autolearn=ham version=3.3.1
Archived-At: http://mailarchive.ietf.org/arch/msg/apps-discuss/Fubfoy5IO-X1dHML2KQQynzYZWk
Cc: appsawg-chairs@tools.ietf.org, ned+ietf@mrochek.com, draft-ietf-appsawg-sieve-duplicate@tools.ietf.org, apps-discuss@ietf.org, The IESG <iesg@ietf.org>
Subject: Re: [apps-discuss] Alissa Cooper's Discuss on draft-ietf-appsawg-sieve-duplicate-07: (with DISCUSS and COMMENT)
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss/>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Jun 2014 08:10:23 -0000
Hi Alissa, On 6/25/2014 12:58 PM, Alissa Cooper wrote: > "The list of unique IDs used for duplicate tracking can include > privacy-sensitive information, such as Message-ID values, content of > subject lines, and content extracted from message bodies. Implementations > SHOULD protect that information, by obscuring it through hashing (see the > note at the end of Section 3.2) and/or by storing it with a level of > access control equivalent to that of the messages themselves. > > These measures will not prevent an entity that has access to the duplicate > tracking list from querying whether messages with certain Message-ID > values were received. As this operation is the essence of the "duplicate" > test, this cannot be prevented, and may violate the expectations of the > user. For example, a user who downloads or deletes a message may expect > that no record of it remains on the server, but that will not be true if > its Message-ID is persisted on the server in the duplicate tracking list. > > It's notable, however, that server logs will often store the information > present on the duplicate tracking list anyway, and probably would expose > plaintext Message-IDs for a much longer period than this mechanism would. > Users of email services that intentionally delete such logs with the > intent of limiting traceability should be made aware that use of the > duplicate tracking mechanism re-exposes this information for the duration > of the expiry interval. In those situations, a shorter default expiry may > also be appropriate since users of these services may be willing to trade > off a more limited retention of the duplicate tracking list information > against the fact that every duplicate will not necessarily be eliminated > with a shorter expiry." Applied in -08. But I made the final paragraph a bit shorter. Regards, Stephan.
- [apps-discuss] Alissa Cooper's Discuss on draft-i… Alissa Cooper
- Re: [apps-discuss] Alissa Cooper's Discuss on dra… Stephan Bosch
- Re: [apps-discuss] Alissa Cooper's Discuss on dra… Dave Crocker
- Re: [apps-discuss] Alissa Cooper's Discuss on dra… Barry Leiba
- Re: [apps-discuss] Alissa Cooper's Discuss on dra… Stephan Bosch
- Re: [apps-discuss] Alissa Cooper's Discuss on dra… Barry Leiba
- Re: [apps-discuss] Alissa Cooper's Discuss on dra… Pete Resnick
- Re: [apps-discuss] Alissa Cooper's Discuss on dra… Barry Leiba
- Re: [apps-discuss] Alissa Cooper's Discuss on dra… Alissa Cooper
- Re: [apps-discuss] Alissa Cooper's Discuss on dra… Alissa Cooper
- Re: [apps-discuss] Alissa Cooper's Discuss on dra… Cyrus Daboo
- Re: [apps-discuss] Alissa Cooper's Discuss on dra… Arnt Gulbrandsen
- Re: [apps-discuss] Alissa Cooper's Discuss on dra… Barry Leiba
- Re: [apps-discuss] Alissa Cooper's Discuss on dra… Stephan Bosch
- Re: [apps-discuss] Alissa Cooper's Discuss on dra… Stephan Bosch
- Re: [apps-discuss] Alissa Cooper's Discuss on dra… Ned Freed
- Re: [apps-discuss] Alissa Cooper's Discuss on dra… Stephan Bosch
- Re: [apps-discuss] Alissa Cooper's Discuss on dra… Ned Freed
- Re: [apps-discuss] Alissa Cooper's Discuss on dra… Alissa Cooper
- Re: [apps-discuss] Alissa Cooper's Discuss on dra… Barry Leiba
- Re: [apps-discuss] Alissa Cooper's Discuss on dra… Alissa Cooper
- Re: [apps-discuss] Alissa Cooper's Discuss on dra… Dave Cridland
- Re: [apps-discuss] Alissa Cooper's Discuss on dra… Barry Leiba
- Re: [apps-discuss] Alissa Cooper's Discuss on dra… Eric Burger
- Re: [apps-discuss] Alissa Cooper's Discuss on dra… Ned Freed
- Re: [apps-discuss] Alissa Cooper's Discuss on dra… Stephan Bosch
- Re: [apps-discuss] Alissa Cooper's Discuss on dra… Stephan Bosch
- Re: [apps-discuss] Alissa Cooper's Discuss on dra… Stephan Bosch
- Re: [apps-discuss] Alissa Cooper's Discuss on dra… Stephan Bosch
- Re: [apps-discuss] Alissa Cooper's Discuss on dra… Barry Leiba