[art] Alissa Cooper's No Objection on draft-ietf-appsawg-mdn-3798bis-15: (with COMMENT)

"Alissa Cooper" <alissa@cooperw.in> Wed, 30 November 2016 15:22 UTC

From: Alissa Cooper <alissa@cooperw.in>
To: The IESG <iesg@ietf.org>
Message-ID: <148051936421.14054.3370105373759594391.idtracker@ietfa.amsl.com>
Date: Wed, 30 Nov 2016 07:22:44 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/art/ECj4r4jMnZbjt37GZM_UMVkrm7M>
Cc: appsawg-chairs@ietf.org, draft-ietf-appsawg-mdn-3798bis@ietf.org, superuser@gmail.com, Barry Leiba <barryleiba@computer.org>, art@ietf.org
List-Id: Applications and Real-Time Area Discussion <art.ietf.org>

Alissa Cooper has entered the following ballot position for
draft-ietf-appsawg-mdn-3798bis-15: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-appsawg-mdn-3798bis/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thanks for the good work to improve the privacy properties here.

= Section 6.2 =

"Disposition mode (Section 3.2.6.1) can leak information about
   recipient's MUA configuration, in particular whether MDNs are
   acknowledged manually or automatically.  If this is a concern, MUAs
   can return "manual-action/MDN-sent-manually" disposition mode in
   generated MDNs."

I see why this is here, but doesn't recommending falsifying these fields
put their integrity in question whenever they are set to manual? I mean,
why would recipients trust this information if the RFC actually suggests
sending a field that lies about an MDN being automatically acknowledged?

= Section 6.2.2 =

"The "Reporting-UA" field (Section 3.2.1) might contain enough
   information to uniquely identify a specific device, usually when
   combined with other characteristics, particularly if the user agent
   sends excessive details about the user's system or extensions.
   However, the source of unique information that is least expected by
   users is proactive negotiation, including the Accept-Language header
   fields."

I think the use of "However" is tripping me up here. Earlier in the
document you have good recommendations about how to mitigate the risk of
fingerprinting based on the Reporting-UA field. That guidance is valid
regardless of whether other header fields might also contribute to
fingerprinting or whether users would expect that (frankly, I don't see
how user expectations are relevant here, since most users don't
understand fingerprinting anyway). I think something along the following
lines to replace the last sentence above would be more accurate: "Even
when the guidance in Section 3.2.1 is followed to avoid fingerprinting,
other sources of unique information may still be present, including the
Accept-Language header fields."