Re: [Asrg] C/R Thoughts: Take 1

Vernon Schryver <vjs@calcite.rhyolite.com> Tue, 13 May 2003 16:50 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA19780 for <asrg-archive@odin.ietf.org>; Tue, 13 May 2003 12:50:22 -0400 (EDT)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h4DGGSb08229 for asrg-archive@odin.ietf.org; Tue, 13 May 2003 12:16:28 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4DGGSB08226 for <asrg-web-archive@optimus.ietf.org>; Tue, 13 May 2003 12:16:28 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA19743; Tue, 13 May 2003 12:49:52 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19Fd0F-0005qp-00; Tue, 13 May 2003 12:51:48 -0400
Received: from ietf.org ([132.151.1.19] helo=www1.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19Fd0F-0005qm-00; Tue, 13 May 2003 12:51:47 -0400
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4DGFIB08133; Tue, 13 May 2003 12:15:18 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h4DG3kB06405 for <asrg@optimus.ietf.org>; Tue, 13 May 2003 12:03:46 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA19457 for <asrg@ietf.org>; Tue, 13 May 2003 12:37:10 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19Fcnx-0005ln-00 for asrg@ietf.org; Tue, 13 May 2003 12:39:05 -0400
Received: from calcite.rhyolite.com ([192.188.61.3]) by ietf-mx with esmtp (Exim 4.12) id 19Fcnw-0005lk-00 for asrg@ietf.org; Tue, 13 May 2003 12:39:05 -0400
Received: (from vjs@localhost) by calcite.rhyolite.com (8.12.9/8.12.9) id h4DGe9wb028830 for asrg@ietf.org env-from <vjs>; Tue, 13 May 2003 10:40:09 -0600 (MDT)
From: Vernon Schryver <vjs@calcite.rhyolite.com>
Message-Id: <200305131640.h4DGe9wb028830@calcite.rhyolite.com>
To: asrg@ietf.org
Subject: Re: [Asrg] C/R Thoughts: Take 1
References: <200305131449.h4DEnkZj023207@nic-naa.net>
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Tue, 13 May 2003 10:40:09 -0600

> From: Eric Brunner-Williams in Portland Maine <brunner@nic-naa.net>
> To: "Jon Kyme" <jrk@merseymail.com>

> ...
> > Of course the *sender* isn't aware (in advance) that this particular
> > 3rd party is handling the mail. 

I'm not sure the SpamArrest crime qualifies as a privacy issue for the
sender.  As a sender, you can't know whether the recipient of your mail
will respect its privacy.  Must every recipient of mail publish some
kind of policy that will be "certified" by an officious uselessness like
TrustE in the U.S?  Even if it is an issue for the sender, it seems the
recipient is on the hook for preventing abuses like SpamArrest's.


> ...
> > That would be nice.  No negative privacy impact is a "requirement".
>
> The vagueness of this concerns me.

That it is an impossible to satisfy requirement bothers me.

Many spam defenses involve consulting third parties.  For examples,
consulting third parties for authentication, to determine whether a
message is bulk, or whether the sender is an infamous spammer are
fundamental to many spam defenses.  In each case, the question
itself divulges information that can be very sensitive.  For example,
knowing that bill.gates@microsoft.com received a message from
steve.jobs@apple.com might be turned into a lot of money on the stock
market.  Letting the FBI know that O.binLaden@example.com received a
message from you could get you an indefinite secret confinement.

As with security, nothing it perfect.  What we can and must do is
minimize and fully disclose the privacy problems of spam defense.


Vernon Schryver    vjs@rhyolite.com
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg