IETF Logo Mail Archive

Re: [dmarc-ietf] Ticket #55 - Clarify legal and privacy implications of failure reports

Michael Thomas <mike@mtcc.com> Tue, 05 January 2021 22:19 UTC

Return-Path: <mike@fresheez.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C92563A09E0 for <dmarc@ietfa.amsl.com>; Tue, 5 Jan 2021 14:19:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.013
X-Spam-Level:
X-Spam-Status: No, score=-2.013 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.248, NICE_REPLY_A=-0.262, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mtcc.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5xdmPwvsv0aW for <dmarc@ietfa.amsl.com>; Tue, 5 Jan 2021 14:19:43 -0800 (PST)
Received: from mail-pf1-x434.google.com (mail-pf1-x434.google.com [IPv6:2607:f8b0:4864:20::434]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 505133A08F9 for <dmarc@ietf.org>; Tue, 5 Jan 2021 14:19:43 -0800 (PST)
Received: by mail-pf1-x434.google.com with SMTP id d2so558806pfq.5 for <dmarc@ietf.org>; Tue, 05 Jan 2021 14:19:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mtcc.com; s=fluffulence; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding:content-language; bh=fYJMTHa9I9e6Mty2OEZaAkvmZXrpuzAtzX4Gk3MN/hQ=; b=KaG96XhkG+oA8iNMkdzBmmwhda3ewPmudqPlhNkjgbtrnq3M/i0TQrm+uEeFeIfZrG p74pvzYAVbJXwB29Uvel1KmIUBDoyG/SFVsWUKNxuOlilCmfX7nFUiTIaLrClEJm5YnN EaOQI8OJpp8BwTA/PTdRhjgZl8dnh/unXelMTFmkCRdGnphDJVmVUG4u+fzJy3//X1+Z ZW5zwZLsVdwdkKSGfqkbXlL5xsNC7IneSafwWj65EmVm83GXNyR8zRuDBP5SVok53V2v Ls8pR0yuZUrnpEAwL1JTHS7mJy+uuUk4vd90FidkpeocVatQIv5oYa/0ECtciNQBbkzY OK5A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=fYJMTHa9I9e6Mty2OEZaAkvmZXrpuzAtzX4Gk3MN/hQ=; b=rLGfZpx/Kd2LgelJ5vLbH9mw/RWwQPAgtXDtCh2B3n7ZM9Zf0l8KfRaOZlfBEMAoka CnzIDfzIgo1yI9WTcJOBMSJ0JuncF1kLL0QK0SH6n1e2CVs7rf/ChkmNKYQoMihpExBN hucSWnJh3lsA5wUHrdxPS15eooSxiFZ6Pnkn/VEwGsSKzNrM8ND/I1qM1Efgv/vvqxS0 eNzS3IMBLsQcGy/d49uBt4j2DegNrqQHJeepDsj8FiVAv1eUZQWxEyeAvNcdTyvGZweu qapjQ4ViTak5oA5Y39VdVoJhTG6I1VjGW9LyFbNk3dQwAWwAzOYvjzPxjYeYUe91CQHL LDxQ==
X-Gm-Message-State: AOAM531bvavURs2wufIv8oT+NjwW+zxAekKbxtpzm9E80fqJXASHoX5E M4RNvgHjNRV1odCkx6Ib4XXLEEJY2eLEsw==
X-Google-Smtp-Source: ABdhPJwnqLO9p6HdV+Udz3s7Oe9GDFKvqkwVdGqh9CAldrt9+nqIFT/ps1eGFDh6qDhYyM2dxKd+ag==
X-Received: by 2002:a62:6d06:0:b029:1a8:4d3f:947a with SMTP id i6-20020a626d060000b02901a84d3f947amr1058451pfc.6.1609885182263; Tue, 05 Jan 2021 14:19:42 -0800 (PST)
Received: from mike-mac.lan (107-182-39-88.volcanocom.com. [107.182.39.88]) by smtp.gmail.com with ESMTPSA id d133sm347633pfd.6.2021.01.05.14.19.41 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 05 Jan 2021 14:19:41 -0800 (PST)
To: Dave Crocker <dcrocker@gmail.com>, dmarc@ietf.org
References: <20210104174623.2545154CFF9F@ary.qy> <FD45F9FC-46B0-40A9-ADC6-DDD7650D62F2@bluepopcorn.net> <ae77d9f-6f63-16ca-903a-7cb463a7b58d@taugh.com> <CABuGu1o2t7WaEOh+nsx3_MRUGgGHqKHzQ9302FM9-HL0GxvJvA@mail.gmail.com> <f15c8f53-8075-99a1-83c7-f687200e6a94@gmail.com> <f640ee95-ba0a-6aa7-1a14-2af1db151e27@mtcc.com> <050e8614-c088-a165-a733-35c5eee52eed@gmail.com> <cd3a41e8-cc4f-05eb-5c86-47b0047e8d08@mtcc.com> <d9e23994-8666-5c3f-3e42-9a12a2ed6daf@gmail.com> <974f9dcd-33ec-9d11-7857-3a473f994a2c@mtcc.com> <72d6bc7d-6862-8184-9f16-e1cc14120239@gmail.com> <f9244f50-8748-a395-a412-ca82bfe6bbea@mtcc.com> <4f2250f2-cc1c-5c3e-3d64-fa0e8b4ad086@gmail.com> <fcd84963-48dd-1fd0-a754-769f8cd7b58c@mtcc.com> <cba89cdb-40c6-48ff-45a0-287117a90385@gmail.com>
From: Michael Thomas <mike@mtcc.com>
Message-ID: <215493fa-a033-e5b0-ce8d-4a409ae93684@mtcc.com>
Date: Tue, 05 Jan 2021 14:19:40 -0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.6.0
MIME-Version: 1.0
In-Reply-To: <cba89cdb-40c6-48ff-45a0-287117a90385@gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/0POiyISYS9MaS38zhgPiHPMIDUA>
Subject: Re: [dmarc-ietf] Ticket #55 - Clarify legal and privacy implications of failure reports
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Jan 2021 22:19:45 -0000

On 1/5/21 2:07 PM, Dave Crocker wrote:
> On 1/5/2021 1:58 PM, Michael Thomas wrote:
>> On 1/5/21 1:49 PM, Dave Crocker wrote:
>>> On 1/5/2021 1:20 PM, Michael Thomas wrote:
>>>> On 1/5/21 1:18 PM, Dave Crocker wrote:
>>>>> On 1/5/2021 12:55 PM, Michael Thomas wrote:
>>>>>> It also says with actual data that your assertion that users 
>>>>>> can't be trusted for anything is not correct.
>>>>> I didn't say that.  And it didn't say that.
>>>> "Also, receiver filtering engines are all that matter." The word 
>>>> all includes human beings. That's the nature of "all".
>>> 1. In terms of average use for typical email, it is.
>> What study asserts that for email? You wouldn't take my word for it 
>> if I said that. But of course I wouldn't make a categorical statement 
>> without empirical evidence.
>
> You seem to be seeing a requirement to prove the negative, while the 
> actual requirement is to prove the positive.  A claim that there is 
> meaningful efficacy, for average recipients, by having visual trust 
> indicators, requires affirmative demonstration that there is.  There 
> is no requirement to prove there isn't.  My point is that we have 
> decades of belief that it's useful but no demonstration that it 
> actually is.  And we have history such as the EV effort, showing that 
> it isn't.
>
> Your focus on email, as somehow distinctive, would need some basis for 
> ignoring the web experience.  Feel free to provide it.

Your example of web is fraught because web stuff has had visual 
indicators for decades now, and trying to compare EV certs isn't 
especially a good example because the situations are not the same. At 
least this study is directly relevant and it doesn't support your 
categorical statement. This is actually a Good Thing.

I did provide it with that paper. You seem to be dismissing it out of 
hand in favor of something that isn't even email based. We are here 
because of email, so I think that's pretty relevant.

>
>> You really should read the paper.
>
> Your implication that I haven't is both odd and troublesome.
>
In 15 minutes? It's like 30 pages long and very technical. And you're 
asking me whether I read it closely? If you have read it before, just 
say that. If you haven't you can skip to the part that doesn't support 
your categorical statement.

Mike

v2.23.0 | Report a Bug | By Email