Re: [dmarc-ietf] [EXTERNAL] Re: Ticket #64 - Contained Data PII Concerns
"Brotman, Alex" <Alex_Brotman@comcast.com> Fri, 12 February 2021 20:50 UTC
Return-Path: <Alex_Brotman@comcast.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8796C3A0E3A for <dmarc@ietfa.amsl.com>; Fri, 12 Feb 2021 12:50:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.09
X-Spam-Level:
X-Spam-Status: No, score=-2.09 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=comcast.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8l94MU4-KNZc for <dmarc@ietfa.amsl.com>; Fri, 12 Feb 2021 12:50:09 -0800 (PST)
Received: from mx0b-00143702.pphosted.com (mx0b-00143702.pphosted.com [148.163.141.77]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 060823A0E2A for <dmarc@ietf.org>; Fri, 12 Feb 2021 12:50:08 -0800 (PST)
Received: from pps.filterd (m0184891.ppops.net [127.0.0.1]) by mx0b-00143702.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 11CKlRwj007236; Fri, 12 Feb 2021 15:50:08 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=20190412; bh=gOR0SMCkjOfRS3ULZ5MHYnvoCk0a/iCvn/3O/XWu8Uw=; b=M/GOkQf6LwwG4oq531VFBG36zL8gDBN06F1S3SohtxtOqueg+ai4QUBDbGkoBvbzR4bg 1LUqBin0pS1Y5iyNlVczn6ZoGAou7Kgww5/4QwStD6YOezFDSfFuxTGaeHBXjQ52YExI XANas1JLGEMZ+efQ2MVhZo1aZ+GYi9krSLaJKaDnbp49lrsQ3GPDDRry+icEwgItfSVF ODXpOMCytOxpI7LCihD/s+boGq5BGLqaRzhIF+WnunGhsyZM7cpFn+FBi+6Vi9gRIT7D IhViKTPCnFv2FAs+IyexQUxueBOcz9cFFp7fFZsOPHo84r/Qd7zu6nYbBWx5EUlcAdXw Gg==
Received: from pacdcex51.cable.comcast.com (dlppfpt-wc-1p.slb.comcast.com [96.99.226.136]) by mx0b-00143702.pphosted.com with ESMTP id 36nnkpdkyr-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Fri, 12 Feb 2021 15:50:07 -0500
Received: from PACDCEX49.cable.comcast.com (24.40.2.148) by PACDCEX51.cable.comcast.com (24.40.2.150) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Fri, 12 Feb 2021 15:50:06 -0500
Received: from PACDCEXEDGE01.cable.comcast.com (76.96.78.71) by PACDCEX49.cable.comcast.com (24.40.2.148) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Fri, 12 Feb 2021 15:50:06 -0500
Received: from NAM10-MW2-obe.outbound.protection.outlook.com (104.47.55.109) by webmail.comcast.com (76.96.78.71) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Fri, 12 Feb 2021 15:49:57 -0500
Received: from MN2PR11MB4351.namprd11.prod.outlook.com (2603:10b6:208:193::31) by BL0PR11MB3524.namprd11.prod.outlook.com (2603:10b6:208:73::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3846.29; Fri, 12 Feb 2021 20:49:55 +0000
Received: from MN2PR11MB4351.namprd11.prod.outlook.com ([fe80::2495:cfaf:88ca:6b2d]) by MN2PR11MB4351.namprd11.prod.outlook.com ([fe80::2495:cfaf:88ca:6b2d%7]) with mapi id 15.20.3846.027; Fri, 12 Feb 2021 20:49:55 +0000
From: "Brotman, Alex" <Alex_Brotman@comcast.com>
To: John Levine <johnl@taugh.com>, "dmarc@ietf.org" <dmarc@ietf.org>
Thread-Topic: [EXTERNAL] Re: [dmarc-ietf] Ticket #64 - Contained Data PII Concerns
Thread-Index: AdcBfLdYcAd1ycC0TvWJKBD11cOyegAA2haAAAAY+MA=
Date: Fri, 12 Feb 2021 20:49:55 +0000
Message-ID: <MN2PR11MB435180303B5EAD3349B189F1F78B9@MN2PR11MB4351.namprd11.prod.outlook.com>
References: <MN2PR11MB435185A171029EF4282A2BF4F78B9@MN2PR11MB4351.namprd11.prod.outlook.com> <20210212204624.BD53A6DDB3F5@ary.qy>
In-Reply-To: <20210212204624.BD53A6DDB3F5@ary.qy>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: taugh.com; dkim=none (message not signed) header.d=none;taugh.com; dmarc=none action=none header.from=comcast.com;
x-originating-ip: [2601:43:101:380:a087:5815:a25c:3021]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 3258b5e6-6280-40ad-5fb7-08d8cf97c108
x-ms-traffictypediagnostic: BL0PR11MB3524:
x-microsoft-antispam-prvs: <BL0PR11MB3524A252DDFC9AA17E22F5BEF78B9@BL0PR11MB3524.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: PnNGzSE10lj2IPCQbgmL7aWjOt3T06smPiA4UpuOdao94576yEPggElOCAOxIKFqiasBsIlPKn4Ddodeecn4fvsUGl7S34TIZoEg61klKQM6uGD1IZqaBHc+t2E0ccaBEev4ektUcM9Tw9Rz5BoD3xvgIOiGDrJ4Ya8TSAsiaiUKiC5KH4OEYvSRSGNXsE73srC5pT8eikv+DHOcQYHueL3a5XP1TpYjp1m0wk2w8PhmjKt80PalUWEAiNnEadknN02glSZ7rLE6YBQ+O7WY22tkVDdsMyXBIURJx/r6hOs7ZRR5I3/TRAtHr/sOid6i/gGmD1IcQcR8kdt/QYEbb0rc/NAWYEzNaiwgJ2WZFphhqDFnSXPpOSFj2ASzv+o2RP6s31l7b8dD4lCa8e+qbg6IWt+YrlsA0HKYQ2JkOvhwjCI9xVWNad4nR19dWaR2/55Awq0y5svHj3kW5QDGfJWsSz/m3CI+CjElyGEG6L0bDpHrsLvjq9EfoOCYu8TG9jCrzhEXBpE97dPZtOu6q7yiR/GZVtQMWYWhd0HglKNc8ajsi4JDn3Q4rguPZxbszWhr3CgTDauW6nCOlXfvs4hcgg3SSNCT1dG9dEmeDcg=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR11MB4351.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(376002)(366004)(346002)(136003)(39860400002)(396003)(186003)(53546011)(83380400001)(71200400001)(6506007)(55016002)(9686003)(2906002)(33656002)(52536014)(64756008)(66446008)(66946007)(45080400002)(66556008)(86362001)(7696005)(66476007)(110136005)(316002)(5660300002)(8936002)(8676002)(76116006)(478600001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: uJAmKF6W8/v+P+M3PYwV9P4ZFjwQMCuQ2xkciJutKNhPuAiRfYb2iK+SKkTnUV/ip5V6tWQx6PywDi+Hf8soofgbkZzQEhdcap6WUJW9VMoXuTAIelga2rzJyUEbCVEdmLd3EaJAdDfMMnxxifDy17tQBDC9U9rdUycWKoPvRpri6Dp1kp84Qrkp170dtWeYeTrj2YkhYAZLOEmvkdVUtWZciRYghOQdPORNEy2i4bHzHg9JMi4BdJz+qkJux/iHsC6/YInpRmTgLM7NylomImdBJT3vc6oikdJGbFGp5nrWLsufsohqT954YwL82hb5hDPOcvjrREV85F/7eVmEuJueMTEHxr8V2/bGRZEQi+bIul1LQTIHtksmAvklXi+Lm99wy4Mh0cQ2ADWYZGyzMUDO9FvDfOM77Q0DpPOJPdh9qFapc+yZjGW6rkE2HUya4cg0aB6xUQWUHea474DlH8cLglXU1xcRQ2T4t9GbMk/w2d79cRL6SFN4wVu8pGoNRwnOWAOHu+hzrhHwzLWj5+fMVANgfq68nuy5oxyFGRCs7n9RDlRfJPn83INFn7N1B4Q8B/5Sf4RxXrUTt/IeJNtMaEVAxrmBqXiOumIiwCPpFvZ5kAo1w+bo8Rt+RWk7a+BoQShjIptJDC0okAMLr6jqAJjIUi29cWnYXGnq5cxVMST6I9xEYe/r6PeqVNaOv5FKu9rVfrwBNuA7CBmSQ85tZAHgtAypAN9xSdQHA+Z3/Xk8b0ynlrYBXRQSPYJ3UzYg/Vwo77GvKSkuB5PBAdCx3Q0ydYkw6CIDOBLrXlX6axuAxzBSr8BXXZpUzTFIt/q8EObILSuyUsgap+QnEd/LvCQskDu7LFWo8ZJR88ZVAJ6rxdNy6xzpHmLhRk9PCwQzwtSFR29QsXfTD4OUARUj3hAA63qL5IFLfAb2/Zf7jKuBzvjP0m3go7hxryCRkMufiQM3F/jPDm/uXP/UpxxQTK4ejroc5du4wqUJryYq4hCaRKX4uFK9MGo2jUZXR+jUVqX+t8tK/cz3LnTXyxFxr8c7cDtwBd2WliQaw3w3RiKujovk9GlMbBJM17RwubfDQpFycRkGriePrqEA5uPkRVIm1gLh1KgEb5RD0CZ6cQSsOLqArP9fGxRwZ0xKR5p4OuM7+2MYm4n2aZNqU/ao3tQNUi8NHWO6hJSTcSpaKrMKyIv+jTu/1TjsaNGIdYd3sbH+6+C6o45jnBtaFiFEj4xV81MXlDOZX50A8aRxRyO7N23w4KFUMEGg4ulUNTRmOiWu0V9txZCnUGa8ZtXnHxZpnIPipqqZbjEc5UhlYfjK7nT4lckTsx9eMVI+hG2/rAjENqTvSN315i3Ns4iV+JsQuIxsgCv1p95Kl7g=
x-ms-exchange-transport-forked: True
arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bXADnR1F1w3x3iQEI09um/bNveMx7yftP8Ql3qxUFKNiSo8bsSWiZr0TKE0OHzSEbvd0lwzJE1gZGuOrHpiVQNWAUbG35lvEPVNbkG7Koqlw1n5U0G5LhyQa3m34xgpeK47zqmrexEVhsxQ5ba+zmkYHlVITDMITwVTHmL3Sqwe57Sj05n90uTDYRxNbNo0S7dh3Twpswwu2cU+fdVcns34CivnzQ0pevPkkS8ggqyJVEV8REHozjIUQ2wHNxeRjFVScrk6vA6qyrEPHcnP4vZpUPVSwYl31dxqWpR0FPQQP/mh4ESV7llufPeaU+oWcz6wQ0p7Qs4Zw5CtpUuVM4A==
arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=GKYmRsTR6XmvM0IRdOpNXzW+4iHlbMa7TBxETIfdwgE=; b=cdjLN2MFIP3GEjRLe62ctO09BSS2/oik6zuSyG9zbiYYLAsTZ0ox4WcYSCnESA7a97ZPeX+x+lyDYzf0L7PrH9loBrmn2BBF1IIIoRTT97mqHU9MR3g/v/SRbnLMB8cDPTQAmDpaX1G+0pLw8V88ZNRuazr+WA8Hf/miUdDR2ZRoH0NTCB0QjyQOcvLAgazJITaHi1dnsxtyu5If44wAz3Y/GU/lwLm9JnjcTAGRPrP95sWA5gfNgsf1IuJy/Bne2r4N5gnnp8EeqYCeRJ8t5EvUG0ipRISrJAgXT/I28HHdHNu1Qh7Xghph50z7tN8cNqgAwC0WxLEiaHj/S4Zefw==
arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=comcast.com; dmarc=pass action=none header.from=comcast.com; dkim=pass header.d=comcast.com; arc=none
x-ms-exchange-crosstenant-authas: Internal
x-ms-exchange-crosstenant-authsource: MN2PR11MB4351.namprd11.prod.outlook.com
x-ms-exchange-crosstenant-network-message-id: 3258b5e6-6280-40ad-5fb7-08d8cf97c108
x-ms-exchange-crosstenant-originalarrivaltime: 12 Feb 2021 20:49:55.7178 (UTC)
x-ms-exchange-crosstenant-fromentityheader: Hosted
x-ms-exchange-crosstenant-id: 906aefe9-76a7-4f65-b82d-5ec20775d5aa
x-ms-exchange-crosstenant-mailboxtype: HOSTED
x-ms-exchange-crosstenant-userprincipalname: POOIidNhRAlb/0YRUECj/6FfvBGRDSb3zq+Sv5N1PjxMbURHaaDQrqix31hmQtkK1MzFDxOvmjzsSUQTi+XRgcbdcNvdL/N44uIc2nG2wTE=
x-ms-exchange-transport-crosstenantheadersstamped: BL0PR11MB3524
x-originatororg: comcast.com
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Forward AAETWQ
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.369, 18.0.737 definitions=2021-02-12_09:2021-02-12, 2021-02-12 signatures=0
X-Proofpoint-Spam-Reason: safe
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/9OTbxYTbQM3eg5R22R2Y8sljKW8>
Subject: Re: [dmarc-ietf] [EXTERNAL] Re: Ticket #64 - Contained Data PII Concerns
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Feb 2021 20:50:11 -0000
Apologies, this is for aggregate reports. I'm would imagine the Failure reports draft would have its own section as the questions there may be different. -- Alex Brotman Sr. Engineer, Anti-Abuse & Messaging Policy Comcast > -----Original Message----- > From: John Levine <johnl@taugh.com> > Sent: Friday, February 12, 2021 3:46 PM > To: dmarc@ietf.org > Cc: Brotman, Alex <Alex_Brotman@comcast.com> > Subject: [EXTERNAL] Re: [dmarc-ietf] Ticket #64 - Contained Data PII Concerns > > In article > <MN2PR11MB435185A171029EF4282A2BF4F78B9@MN2PR11MB4351.namprd > 11.prod.outlook.com> you write: > >Hello folks, > > > >In ticket #64 > >(https://urldefense.com/v3/__https://trac.ietf.org/trac/dmarc/ticket/64 > >__;!!CQl3mcHX2A!TwDVjWOh08AOGCxPZ0IKR8IxgdUb6u3LDW1Po0KbrzIgXW > wlVm53NUB > >Q6gqZ8IbIjUjG$ ), it was suggested that a Privacy Considerations section may > alleviate some concerns about the ownership of the data. I created an initial > attempt, and thought to get some feedback. I didn't think we should go too far > in depth, or raise corner cases. Felt like doing so could lead down a rabbit hole > of trying to cover all cases. This would go within a "Privacy Considerations" > section. > > > >* Data Contained Within Reports (#64) > > > >Within the reports is contained an aggregated body of anonymized data > >pertaining to the sending domain. The data is meant to aid the report > >processors and domain holders in verifying sources of messages > >pertaining to the 5322.From Domain. The data should not contain any > >identifying characteristics about individual senders or receivers. An > >entity sending reports should not be concerned with the data contained > >as it should not contain PII (NIST reference for PII definition), such > >as email addresses or usernames. > > > >Does this seem a reasonable start? Thanks for your time. > > It's not clear which kind of report this is talking about. > > If it's aggregate reports, they contain IP addresses of mail servers and domain > names of SPF and DKIM identifiers, but nothing about the e-mail address or IP of > the original senders. > > If it's failure reports, they contain as much or as little as the reporter includes, > possibly an entire message sent by someome who may or may not be connected > to the domain that receives the report. >
- [dmarc-ietf] Ticket #64 - Contained Data PII Conc… Brotman, Alex
- Re: [dmarc-ietf] Ticket #64 - Contained Data PII … John Levine
- Re: [dmarc-ietf] [EXTERNAL] Re: Ticket #64 - Cont… Brotman, Alex
- Re: [dmarc-ietf] [EXTERNAL] Re: Ticket #64 - Cont… Seth Blank
- Re: [dmarc-ietf] [EXTERNAL] Re: Ticket #64 - Cont… John R Levine
- Re: [dmarc-ietf] [EXTERNAL] Re: Ticket #64 - Cont… Seth Blank
- Re: [dmarc-ietf] Ticket #64 - Contained Data PII … Alessandro Vesely
- Re: [dmarc-ietf] Ticket #64 - Contained Data PII … Brotman, Alex
- Re: [dmarc-ietf] Ticket #64 - Contained Data PII … Ken O'Driscoll
- Re: [dmarc-ietf] Ticket #64 - Contained Data PII … Douglas Foster
- Re: [dmarc-ietf] Ticket #64 - Contained Data PII … John Levine
- Re: [dmarc-ietf] Ticket #64 - Contained Data PII … Ken O'Driscoll
- Re: [dmarc-ietf] Ticket #64 - Contained Data PII … Ken O'Driscoll
- Re: [dmarc-ietf] Ticket #64 - Contained Data PII … Kurt Andersen (b)
- Re: [dmarc-ietf] Ticket #64 - Contained Data PII … Alessandro Vesely
- Re: [dmarc-ietf] Ticket #64 - Contained Data PII … Brotman, Alex
- Re: [dmarc-ietf] Ticket #64 - Contained Data PII … Dotzero