Re: [apps-discuss] Alissa Cooper's Discuss on draft-ietf-appsawg-sieve-duplicate-07: (with DISCUSS and COMMENT)

Stephan Bosch <stephan@rename-it.nl> Thu, 26 June 2014 08:10 UTC

Message-ID: <53ABD51C.4010408@rename-it.nl>
Date: Thu, 26 Jun 2014 10:09:00 +0200
From: Stephan Bosch <stephan@rename-it.nl>
To: Alissa Cooper <alissa@cooperw.in>
References: <20140620004041.5801.22430.idtracker@ietfa.amsl.com> <53A3E7EB.1030604@rename-it.nl> <CFCDF85C.42C1C%alissa@cooperw.in> <53A9E736.9080709@rename-it.nl> <01P9EFAYDH680049PU@mauve.mrochek.com> <53AA7206.7040905@rename-it.nl> <01P9EV40R78G0049PU@mauve.mrochek.com> <CFD06967.43175%alissa@cooperw.in>
In-Reply-To: <CFD06967.43175%alissa@cooperw.in>
Archived-At: http://mailarchive.ietf.org/arch/msg/apps-discuss/Fubfoy5IO-X1dHML2KQQynzYZWk
Cc: appsawg-chairs@tools.ietf.org, ned+ietf@mrochek.com, draft-ietf-appsawg-sieve-duplicate@tools.ietf.org, apps-discuss@ietf.org, The IESG <iesg@ietf.org>

Hi Alissa,

On 6/25/2014 12:58 PM, Alissa Cooper wrote:
> "The list of unique IDs used for duplicate tracking can include
> privacy-sensitive information, such as Message-ID values, content of
> subject lines, and content extracted from message bodies. Implementations
> SHOULD protect that information, by obscuring it through hashing (see the
> note at the end of Section 3.2) and/or by storing it with a level of
> access control equivalent to that of the messages themselves.
>
> These measures will not prevent an entity that has access to the duplicate
> tracking list from querying whether messages with certain Message-ID
> values were received. As this operation is the essence of the "duplicate"
> test, this cannot be prevented, and may violate the expectations of the
> user. For example, a user who downloads or deletes a message may expect
> that no record of it remains on the server, but that will not be true if
> its Message-ID is persisted on the server in the duplicate tracking list.
>
> It's notable, however, that server logs will often store the information
> present on the duplicate tracking list anyway, and probably would expose
> plaintext Message-IDs for a much longer period than this mechanism would.
> Users of email services that intentionally delete such logs with the
> intent of limiting traceability should be made aware that use of the
> duplicate tracking mechanism re-exposes this information for the duration
> of the expiry interval. In those situations, a shorter default expiry may
> also be appropriate since users of these services may be willing to trade
> off a more limited retention of the duplicate tracking list information
> against the fact that every duplicate will not necessarily be eliminated
> with a shorter expiry."

Applied in -08. But I made the final paragraph a bit shorter.

Regards,

Stephan.
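
The quoted text's two points, that hashing hides the stored values but not the answer to "was this Message-ID received?", and that the record disappears only once the expiry interval passes, shown as an added Python example that is not part of this message or of the draft. The `DuplicateTracker` class, its method names, the choice of SHA-256 and the one-hour expiry are assumptions made for illustration.

```python
import hashlib
import time


class DuplicateTracker:
    """Hypothetical duplicate-tracking list that stores SHA-256 digests, not raw IDs."""

    def __init__(self, default_expiry=7 * 24 * 3600, clock=time.time):
        self.default_expiry = default_expiry  # seconds; assumed value, not from the draft
        self.clock = clock
        self._entries = {}  # digest -> absolute expiry time

    @staticmethod
    def _digest(unique_id):
        return hashlib.sha256(unique_id.encode("utf-8")).hexdigest()

    def purge(self):
        """Drop every entry whose expiry interval has passed."""
        now = self.clock()
        for digest in [d for d, exp in self._entries.items() if exp <= now]:
            del self._entries[digest]

    def is_duplicate(self, unique_id, expiry=None):
        """Return True if the ID is already tracked; otherwise start tracking it."""
        self.purge()
        digest = self._digest(unique_id)
        if digest in self._entries:
            return True
        self._entries[digest] = self.clock() + (expiry or self.default_expiry)
        return False

    def was_received(self, unique_id):
        """Read-only membership query, open to anyone who can read the list."""
        self.purge()
        return self._digest(unique_id) in self._entries

    def stored_values(self):
        return list(self._entries)


def demo():
    now = [1_000_000.0]  # constructed clock so expiry is deterministic
    tracker = DuplicateTracker(default_expiry=3600, clock=lambda: now[0])
    msg_id = "<constructed-id-1@example.org>"  # constructed sample Message-ID
    first = tracker.is_duplicate(msg_id)       # first delivery
    second = tracker.is_duplicate(msg_id)      # redelivery of the same message
    plaintext_stored = msg_id in tracker.stored_values()
    queryable = tracker.was_received(msg_id)   # hashing does not prevent this
    now[0] += 3601                             # the expiry interval passes
    after_expiry = tracker.was_received(msg_id)
    return first, second, plaintext_stored, queryable, after_expiry
```

Access control on the list and a shorter expiry are the only levers here that limit the membership query; hashing alone only keeps the plaintext IDs out of storage.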