[dmarc-ietf] Ticket #55 - Clarify legal and privacy implications of failure reports

Alessandro Vesely <vesely@tana.it> Thu, 17 December 2020 18:25 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/6sGcP6ncI6IMfVhD06skntDMXrs>

We would like to close this ticket two weeks from now, by the end of the year, 
so please get on it.

The ticket text is just:

     Make it clear in privacy considerations that failure reports can provide
     PII well beyond a domain name, and are not sent by most receivers.


Currently, the dmarc-failure-reporting draft includes the Privacy 
Considerations of RFC 7489.  They address which kind of privacy policy may 
conflict with failure reporting.  Yet, that section doesn't say what PII is 
contained in a reported message, except generically mentioning that "These 
reports may expose sender and recipient identifiers (e.g., RFC5322.From 
addresses)".


Do we need to clarify more?

Any lawyers in this WG?


Best
Ale
--