Re: [dmarc-ietf] [EXTERNAL] Re: Ticket #64 - Contained Data PII Concerns

"Brotman, Alex" <Alex_Brotman@comcast.com> Fri, 12 February 2021 20:50 UTC

Return-Path: <Alex_Brotman@comcast.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8796C3A0E3A for <dmarc@ietfa.amsl.com>; Fri, 12 Feb 2021 12:50:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.09
X-Spam-Level:
X-Spam-Status: No, score=-2.09 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=comcast.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8l94MU4-KNZc for <dmarc@ietfa.amsl.com>; Fri, 12 Feb 2021 12:50:09 -0800 (PST)
Received: from mx0b-00143702.pphosted.com (mx0b-00143702.pphosted.com [148.163.141.77]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 060823A0E2A for <dmarc@ietf.org>; Fri, 12 Feb 2021 12:50:08 -0800 (PST)
Received: from pps.filterd (m0184891.ppops.net [127.0.0.1]) by mx0b-00143702.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 11CKlRwj007236; Fri, 12 Feb 2021 15:50:08 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=20190412; bh=gOR0SMCkjOfRS3ULZ5MHYnvoCk0a/iCvn/3O/XWu8Uw=; b=M/GOkQf6LwwG4oq531VFBG36zL8gDBN06F1S3SohtxtOqueg+ai4QUBDbGkoBvbzR4bg 1LUqBin0pS1Y5iyNlVczn6ZoGAou7Kgww5/4QwStD6YOezFDSfFuxTGaeHBXjQ52YExI XANas1JLGEMZ+efQ2MVhZo1aZ+GYi9krSLaJKaDnbp49lrsQ3GPDDRry+icEwgItfSVF ODXpOMCytOxpI7LCihD/s+boGq5BGLqaRzhIF+WnunGhsyZM7cpFn+FBi+6Vi9gRIT7D IhViKTPCnFv2FAs+IyexQUxueBOcz9cFFp7fFZsOPHo84r/Qd7zu6nYbBWx5EUlcAdXw Gg==
Received: from pacdcex51.cable.comcast.com (dlppfpt-wc-1p.slb.comcast.com [96.99.226.136]) by mx0b-00143702.pphosted.com with ESMTP id 36nnkpdkyr-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Fri, 12 Feb 2021 15:50:07 -0500
Received: from PACDCEX49.cable.comcast.com (24.40.2.148) by PACDCEX51.cable.comcast.com (24.40.2.150) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Fri, 12 Feb 2021 15:50:06 -0500
Received: from PACDCEXEDGE01.cable.comcast.com (76.96.78.71) by PACDCEX49.cable.comcast.com (24.40.2.148) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Fri, 12 Feb 2021 15:50:06 -0500
Received: from NAM10-MW2-obe.outbound.protection.outlook.com (104.47.55.109) by webmail.comcast.com (76.96.78.71) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Fri, 12 Feb 2021 15:49:57 -0500
Received: from MN2PR11MB4351.namprd11.prod.outlook.com (2603:10b6:208:193::31) by BL0PR11MB3524.namprd11.prod.outlook.com (2603:10b6:208:73::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3846.29; Fri, 12 Feb 2021 20:49:55 +0000
Received: from MN2PR11MB4351.namprd11.prod.outlook.com ([fe80::2495:cfaf:88ca:6b2d]) by MN2PR11MB4351.namprd11.prod.outlook.com ([fe80::2495:cfaf:88ca:6b2d%7]) with mapi id 15.20.3846.027; Fri, 12 Feb 2021 20:49:55 +0000
From: "Brotman, Alex" <Alex_Brotman@comcast.com>
To: John Levine <johnl@taugh.com>, "dmarc@ietf.org" <dmarc@ietf.org>
Thread-Topic: [EXTERNAL] Re: [dmarc-ietf] Ticket #64 - Contained Data PII Concerns
Thread-Index: AdcBfLdYcAd1ycC0TvWJKBD11cOyegAA2haAAAAY+MA=
Date: Fri, 12 Feb 2021 20:49:55 +0000
Message-ID: <MN2PR11MB435180303B5EAD3349B189F1F78B9@MN2PR11MB4351.namprd11.prod.outlook.com>
References: <MN2PR11MB435185A171029EF4282A2BF4F78B9@MN2PR11MB4351.namprd11.prod.outlook.com> <20210212204624.BD53A6DDB3F5@ary.qy>
In-Reply-To: <20210212204624.BD53A6DDB3F5@ary.qy>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: taugh.com; dkim=none (message not signed) header.d=none;taugh.com; dmarc=none action=none header.from=comcast.com;
x-originating-ip: [2601:43:101:380:a087:5815:a25c:3021]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 3258b5e6-6280-40ad-5fb7-08d8cf97c108
x-ms-traffictypediagnostic: BL0PR11MB3524:
x-microsoft-antispam-prvs: <BL0PR11MB3524A252DDFC9AA17E22F5BEF78B9@BL0PR11MB3524.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: PnNGzSE10lj2IPCQbgmL7aWjOt3T06smPiA4UpuOdao94576yEPggElOCAOxIKFqiasBsIlPKn4Ddodeecn4fvsUGl7S34TIZoEg61klKQM6uGD1IZqaBHc+t2E0ccaBEev4ektUcM9Tw9Rz5BoD3xvgIOiGDrJ4Ya8TSAsiaiUKiC5KH4OEYvSRSGNXsE73srC5pT8eikv+DHOcQYHueL3a5XP1TpYjp1m0wk2w8PhmjKt80PalUWEAiNnEadknN02glSZ7rLE6YBQ+O7WY22tkVDdsMyXBIURJx/r6hOs7ZRR5I3/TRAtHr/sOid6i/gGmD1IcQcR8kdt/QYEbb0rc/NAWYEzNaiwgJ2WZFphhqDFnSXPpOSFj2ASzv+o2RP6s31l7b8dD4lCa8e+qbg6IWt+YrlsA0HKYQ2JkOvhwjCI9xVWNad4nR19dWaR2/55Awq0y5svHj3kW5QDGfJWsSz/m3CI+CjElyGEG6L0bDpHrsLvjq9EfoOCYu8TG9jCrzhEXBpE97dPZtOu6q7yiR/GZVtQMWYWhd0HglKNc8ajsi4JDn3Q4rguPZxbszWhr3CgTDauW6nCOlXfvs4hcgg3SSNCT1dG9dEmeDcg=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR11MB4351.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(376002)(366004)(346002)(136003)(39860400002)(396003)(186003)(53546011)(83380400001)(71200400001)(6506007)(55016002)(9686003)(2906002)(33656002)(52536014)(64756008)(66446008)(66946007)(45080400002)(66556008)(86362001)(7696005)(66476007)(110136005)(316002)(5660300002)(8936002)(8676002)(76116006)(478600001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: =?utf-8?B?dUpBbUtGNlc4L3YrUCtNM1BZd1Y5UDRaRmp3UU1DdVEyeGtjaUp1dEtOaFB1?= =?utf-8?B?QWlSZlliMmlLK1NLa1RuVVYvaXA1VjZ0V1F4NlB5d0RpK0hmOHNvb2ZnYmta?= =?utf-8?B?elFFaGRjYXA2V1VKVzlWTW9YdVRBSWVsZ2EycnpKeVVFYkNWRWRtTGQzRWFK?= =?utf-8?B?QWREZk1Nbnh4aWZEeTE3dFFCREM5VTlyZFV5Y1dLb1B2UnByaTZEcDFrcDg0?= =?utf-8?B?UXJrcDE3MGR0V2VZZVRyajJZa2hZQVpMT0VtdmtkVlV0V1pjaVJZZ2hPUWRQ?= =?utf-8?B?T1JORXkyaTRiSHpIZzlKTWk0QmRKeitxa0p1eC9pSHNDNi9ZSW5wUm1UZ0xN?= =?utf-8?B?N055bG9tSW1kQkpUM3ZjNm9pa2RKR2JGR3A1bnJXTHN1ZnNvaHFUOTU0WXdM?= =?utf-8?B?ODJoYjVoRFBPY3ZqclJFVjg1Ri83ZVZtRXVKdWVNVEVIeHI4VjIvYkdSWkVR?= =?utf-8?B?aStiSXVsMUxRVElIdGtzbUF2a2xYaStMbTk5d3k0TWgwY1EyQURXWVpHeXpN?= =?utf-8?B?VURPOUZ2RGZPTTc3UTBEcFBPSlBkaDlxRmFwYyt5WmpHVzZya0UySFV5YTRj?= =?utf-8?B?ZzBhQjZ4VVFXVUhlYTQ3NERsSDhjTGdsWFUxeGNSUTJUNHQ5R2JNay93MmQ3?= =?utf-8?B?OWNSTDZTRk40d1Z1OHBHb05Sd25PV0FPSHUraHpyaEh3ekxXajUrZk1WQU5n?= =?utf-8?B?ZnE2OG51eTVveHlGR1JDczduOVJEbFJmSlBuODNJTkZuN04xQjRROEIvNVNm?= =?utf-8?B?NFJ4WHJVVHQvSWVKTnRNYUVWQXhybUJxWGlPdW1JaXdDUHBGdlo1a0FvMXcr?= =?utf-8?B?Ym84UnQrUldrN2ErQm9RU2hqSXB0SkRDMG9rQU1McjZqcUFKaklVaTI5Y1du?= =?utf-8?B?WVhHbnE1Y3hWTVNUNkk5eEVZZS9yNlBlcVZOYU92NUZLdTlyVmZyd0JOdUE3?= =?utf-8?B?Q0JtU1E4NXRaQUhndEF5cEFOOXhTZFFIQStaMy9YazhiMHlubHJZQlhSUVNQ?= =?utf-8?B?WUozVXpZZy9Wd283N0d2S1NrdUI1UEJBZEN4M1EweWRZa3c2Q0lET0JMclhs?= =?utf-8?B?WDZheHVBeHpCU3I4QlhYWnBVelRGSXQvcThFT2JJTFN1eVVzZ2FwK1FuRWQv?= =?utf-8?B?THZDUXNrRHU3TEZXbzhaSlI4OFpWQUo2cnhkTnk2eHpwSG1MaFJrOVBDd1F6?= =?utf-8?B?d3RTRlIyOVFzWGZURDRPVUFSVWozaEFBNjNxTDVJRkxmQWIyL1pmN2pLdUJ6?= =?utf-8?B?dmpQMG0zZ283aHhyeUNSa011ZmlRTTNGL2pQRG0vdVhQL1VweHhRVEs0ZWpy?= =?utf-8?B?b2M1ZHU0d3FVSnJ5WXE0aENhUktYNHVGSzlNR28yalVaWFIralVWcVgrdDh0?= =?utf-8?B?Sy9jejNMblRYeXhGeHI4YzdjRHR3QmQyV2xpUWF3M3czUmlLdWpvdms5R2xN?= =?utf-8?B?YkJKTTE3Und1YmZEUXBGeWNSa0dyaWVQcnFFQTV1UGtSVkltMWdMaDFLZ0Vi?= =?utf-8?B?NVJEMENaNmNRU3NPTHFBclA5Zkd4UndaMHhLUjVwNE91TTcrMk1ZbTRuMmFa?= =?utf-8?B?TnFVL2FvM3RRTlVpOE5IV082aEpTVGNTcGFLck1LeUl2K2pUdS8xVGpzYU5H?= =?utf-8?B?SWRZZDNzYkgrNitDNm80NWpuQnRhRmlGRWo0eFY4MU1YbERPWlg1MEE4YVJ4?= =?utf-8?B?UnlPN04yM3c0S0ZVTUVHZzR1bFVOVFJtT2lXdTBWOXR4WkNuVUdhOFp0WG5I?= =?utf-8?B?eFpwbklQaXBxcVpiakVjNVVobFlmaks3blQ0bGNrVHN4OWVNVkkraEcyL3JB?= =?utf-8?Q?jENqTvSN315i3Ns4iV+JsQuIxsgCv1p95Kl7g=3D?=
x-ms-exchange-transport-forked: True
arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bXADnR1F1w3x3iQEI09um/bNveMx7yftP8Ql3qxUFKNiSo8bsSWiZr0TKE0OHzSEbvd0lwzJE1gZGuOrHpiVQNWAUbG35lvEPVNbkG7Koqlw1n5U0G5LhyQa3m34xgpeK47zqmrexEVhsxQ5ba+zmkYHlVITDMITwVTHmL3Sqwe57Sj05n90uTDYRxNbNo0S7dh3Twpswwu2cU+fdVcns34CivnzQ0pevPkkS8ggqyJVEV8REHozjIUQ2wHNxeRjFVScrk6vA6qyrEPHcnP4vZpUPVSwYl31dxqWpR0FPQQP/mh4ESV7llufPeaU+oWcz6wQ0p7Qs4Zw5CtpUuVM4A==
arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=GKYmRsTR6XmvM0IRdOpNXzW+4iHlbMa7TBxETIfdwgE=; b=cdjLN2MFIP3GEjRLe62ctO09BSS2/oik6zuSyG9zbiYYLAsTZ0ox4WcYSCnESA7a97ZPeX+x+lyDYzf0L7PrH9loBrmn2BBF1IIIoRTT97mqHU9MR3g/v/SRbnLMB8cDPTQAmDpaX1G+0pLw8V88ZNRuazr+WA8Hf/miUdDR2ZRoH0NTCB0QjyQOcvLAgazJITaHi1dnsxtyu5If44wAz3Y/GU/lwLm9JnjcTAGRPrP95sWA5gfNgsf1IuJy/Bne2r4N5gnnp8EeqYCeRJ8t5EvUG0ipRISrJAgXT/I28HHdHNu1Qh7Xghph50z7tN8cNqgAwC0WxLEiaHj/S4Zefw==
arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=comcast.com; dmarc=pass action=none header.from=comcast.com; dkim=pass header.d=comcast.com; arc=none
x-ms-exchange-crosstenant-authas: Internal
x-ms-exchange-crosstenant-authsource: MN2PR11MB4351.namprd11.prod.outlook.com
x-ms-exchange-crosstenant-network-message-id: 3258b5e6-6280-40ad-5fb7-08d8cf97c108
x-ms-exchange-crosstenant-originalarrivaltime: 12 Feb 2021 20:49:55.7178 (UTC)
x-ms-exchange-crosstenant-fromentityheader: Hosted
x-ms-exchange-crosstenant-id: 906aefe9-76a7-4f65-b82d-5ec20775d5aa
x-ms-exchange-crosstenant-mailboxtype: HOSTED
x-ms-exchange-crosstenant-userprincipalname: POOIidNhRAlb/0YRUECj/6FfvBGRDSb3zq+Sv5N1PjxMbURHaaDQrqix31hmQtkK1MzFDxOvmjzsSUQTi+XRgcbdcNvdL/N44uIc2nG2wTE=
x-ms-exchange-transport-crosstenantheadersstamped: BL0PR11MB3524
x-originatororg: comcast.com
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Forward AAETWQ
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.369, 18.0.737 definitions=2021-02-12_09:2021-02-12, 2021-02-12 signatures=0
X-Proofpoint-Spam-Reason: safe
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/9OTbxYTbQM3eg5R22R2Y8sljKW8>
Subject: Re: [dmarc-ietf] [EXTERNAL] Re: Ticket #64 - Contained Data PII Concerns
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Feb 2021 20:50:11 -0000

Apologies, this is for aggregate reports.  I'm would imagine the Failure reports draft would have its own section as the questions there may be different.

--
Alex Brotman
Sr. Engineer, Anti-Abuse & Messaging Policy
Comcast

> -----Original Message-----
> From: John Levine <johnl@taugh.com>
> Sent: Friday, February 12, 2021 3:46 PM
> To: dmarc@ietf.org
> Cc: Brotman, Alex <Alex_Brotman@comcast.com>
> Subject: [EXTERNAL] Re: [dmarc-ietf] Ticket #64 - Contained Data PII Concerns
>
> In article
> <MN2PR11MB435185A171029EF4282A2BF4F78B9@MN2PR11MB4351.namprd
> 11.prod.outlook.com> you write:
> >Hello folks,
> >
> >In ticket #64
> >(https://urldefense.com/v3/__https://trac.ietf.org/trac/dmarc/ticket/64
> >__;!!CQl3mcHX2A!TwDVjWOh08AOGCxPZ0IKR8IxgdUb6u3LDW1Po0KbrzIgXW
> wlVm53NUB
> >Q6gqZ8IbIjUjG$ ), it was suggested that a Privacy Considerations section may
> alleviate some concerns about the ownership of the data.  I created an initial
> attempt, and thought to get some feedback.  I didn't think we should go too far
> in depth, or raise corner cases.  Felt like doing so could lead down a rabbit hole
> of trying to cover all cases. This would go within a "Privacy Considerations"
> section.
> >
> >* Data Contained Within Reports (#64)
> >
> >Within the reports is contained an aggregated body of anonymized data
> >pertaining to the sending domain.  The data is meant to aid the report
> >processors and domain holders in verifying sources of messages
> >pertaining to the 5322.From Domain.  The data should not contain any
> >identifying characteristics about individual senders or receivers.  An
> >entity sending reports should not be concerned with the data contained
> >as it should not contain PII (NIST reference for PII definition), such
> >as email addresses or usernames.
> >
> >Does this seem a reasonable start?  Thanks for your time.
>
> It's not clear which kind of report this is talking about.
>
> If it's aggregate reports, they contain IP addresses of mail servers and domain
> names of SPF and DKIM identifiers, but nothing about the e-mail address or IP of
> the original senders.
>
> If it's failure reports, they contain as much or as little as the reporter includes,
> possibly an entire message sent by someome who may or may not be connected
> to the domain that receives the report.
>