IETF Logo Mail Archive

Re: [dmarc-ietf] Ticket #55 - Clarify legal and privacy implications of failure reports

ned+dmarc@mrochek.com Wed, 23 December 2020 17:14 UTC

Return-Path: <ned+dmarc@mrochek.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C80393A0E6C for <dmarc@ietfa.amsl.com>; Wed, 23 Dec 2020 09:14:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mrochek.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TZX6GYl-aWmm for <dmarc@ietfa.amsl.com>; Wed, 23 Dec 2020 09:14:37 -0800 (PST)
Received: from mauve.mrochek.com (mauve.mrochek.com [98.153.82.211]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A29313A0E6B for <dmarc@ietf.org>; Wed, 23 Dec 2020 09:14:37 -0800 (PST)
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01RTICXNQJ0G0057V6@mauve.mrochek.com> for dmarc@ietf.org; Wed, 23 Dec 2020 09:09:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mrochek.com; s=201712; t=1608743375; bh=yRCvVM7Zpf/GigDC9dILwXXkEwb3v9miSZi6xplD4fA=; h=From:Cc:Date:Subject:In-reply-to:References:To:From; b=fywfI+XXiw+qbc+jLfB0XHOUTSxghbhw9HJrryBg2hVVX4wyGTDcfVtj8JnLSIIyI r+tf778cAKvXRvGr2bM7eabTqWSDvEysPj0kHMj/28o5vJnJ5b/gdvXQljE84he//1 FNc8bB1Z8q5WMFCKmXxT9H90R35/Z5dVNaZ/aj58=
MIME-version: 1.0
Content-transfer-encoding: 7bit
Content-type: TEXT/PLAIN; CHARSET="US-ASCII"
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01RTI8T4T2BK0085YQ@mauve.mrochek.com> (original mail from NED@mauve.mrochek.com) for dmarc@ietf.org; Wed, 23 Dec 2020 09:09:30 -0800 (PST)
From: ned+dmarc@mrochek.com
Cc: John R Levine <johnl@taugh.com>, IETF DMARC WG <dmarc@ietf.org>, Alessandro Vesely <vesely@tana.it>
Message-id: <01RTICXKLL3E0085YQ@mauve.mrochek.com>
Date: Wed, 23 Dec 2020 08:54:01 -0800
In-reply-to: "Your message dated Wed, 23 Dec 2020 05:56:04 -0500" <CAJ4XoYdXWTgADpdL1eJuYGnpSY038vj-FW_x1f2rEp1JL0r2oA@mail.gmail.com>
References: <20201218023900.E73B82ACBB2B@ary.qy> <4a43ffaa-3987-c892-cce7-56f18888cdf5@tana.it> <39125012-e356-d62d-36fd-a7ff25a9f59f@taugh.com> <e6880ba9-f5f3-1050-25c0-658551187512@tana.it> <6bba023-d3d9-63a5-8441-11dac9a05e28@taugh.com> <74051a64-871a-db72-b5d9-1be374e23015@tana.it> <a323077-9b64-555b-3561-62cdc93819fd@taugh.com> <a8281e16-9417-5189-df73-79ea0a865fbd@tana.it> <c713b9ae-a364-1ae0-e79-55f61624aa3d@taugh.com> <3034face-b6fc-0ce2-fa1b-f59210bd6f5b@tana.it> <46339b38-3b24-bcb7-5e73-8a97038ed69@taugh.com> <3997c81d-3b30-0823-a752-fb1d60a44593@tana.it> <74a5c37-19a6-6f6f-a51d-6e5cca5b29e8@taugh.com> <CAJ4XoYdXWTgADpdL1eJuYGnpSY038vj-FW_x1f2rEp1JL0r2oA@mail.gmail.com>
To: Dotzero <dotzero@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/1gVP_bjaHywHskHu42W36jA_ewE>
Subject: Re: [dmarc-ietf] Ticket #55 - Clarify legal and privacy implications of failure reports
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Dec 2020 17:14:39 -0000

> On Tue, Dec 22, 2020 at 11:39 AM John R Levine <johnl@taugh.com> wrote:

> > I think that text is way too long and overspecific but we've already spent
> > too much time on this so I'll stop and see if there are other opinions.
> >
> >
> > On Tue, 22 Dec 2020, Alessandro Vesely wrote:
> > > OLD
> > >
> > >   "Failure reports," or "failed message reports," provide diagnostic
> > >   information about messages that a Mail Receiver has determined do not
> > >   pass the DMARC mechanism.  These reports are generally sent at the
> > >   time such messages are received and evaluated, to provide the Domain
> > >   Owner with timely notification that such failures are occurring, and
> > >   to provide information that may assist in diagnosing the cause of the
> > >   failures.
> > >
> > >
> > > NEW
> > >
> > >   Failure reports provide detailed information about the failure of a single
> > >   message or a group of similar messages failing for the same reason. They
> > >   are meant to aid extreme cases where a domain owner is unable to detect why
> > >   failures reported in aggregate form did occur.  As an extension of other
> > >   kinds of failure notifications, these reports can contain either the content
> > >   of a failed message or just its header.  The latter characteristic entails
> > >   severe privacy concerns.  For that reason, and because it turned out not to
> > >   be important, failure reporting is usually disabled.

> The following is factually and technically incorrect: " The latter
> characteristic entails severe privacy concerns." The latter characteristic
> "the header". In fact, the full message can contain much more PII and/or
> PHI.

Quite right. It's also unforunate that we appear to be spending more arguing
about what consistutes a legitimate privacy concern than reviewing proposed
text.

I also note that saying what's "usually done", even if currently correct, is at
best the province of a BCP. It has no business being in a standard.

> I agree with John. I'll go further and say that the working group should
> focus on what the IETF does best - technical specifications that involve
> interoperability - and avoid straying too far into the realms of law and
> politics. While the EU and GDPR may impact choices that operators make,
> there are other legal jurisdictions in the world. Further, my experience
> has been that many operators (receivers) only provide failure reports when
> contractual relationships (direct or indirect) exist between the parties
> involved. This can certainly meet the privacy requirements of GDPR and
> other privacy regulations.

Agreed, but none of this belongs in the standard either. All the standard needs
to say is that message header and bodies can contain personally identifiable
information and that this may affect the choice of whether or not to send
failure reports. Something like:

  Failure reports provide detailed information about the failure of a single
  message or a group of similar messages failing for the same reason. They
  are meant to aid in cases where a domain owner is unable to detect why
  failures reported in aggregate form did occur. It is important to note
  these reports can contain either the header or the entire content of a
  failed message, which in turn may contain personally identifiable
  information, which should be considered when decoding whether or not to
  generate such reports.

				Ned

v2.23.0 | Report a Bug | By Email