Re: [dmarc-ietf] Ticket #55 - Clarify legal and privacy implications of failure reports
Alessandro Vesely <vesely@tana.it> Wed, 23 December 2020 09:16 UTC
Return-Path: <vesely@tana.it>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B7C73A0C93 for <dmarc@ietfa.amsl.com>; Wed, 23 Dec 2020 01:16:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1152-bit key) header.d=tana.it
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R8JKC9McjZkC for <dmarc@ietfa.amsl.com>; Wed, 23 Dec 2020 01:16:03 -0800 (PST)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 971C63A0C90 for <dmarc@ietf.org>; Wed, 23 Dec 2020 01:16:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1608714959; bh=4kR8FKVIZd028KMWFfSWvXGyiPx6N6QStwT/1qiPdDs=; l=1833; h=To:References:From:Date:In-Reply-To; b=CDfD3sHnZGrEF4PUYautXzUsoDeznCDYvM3QTF3uRN/TNOD+LVgCmYAkk0l4RjoG8 mj64kD8AGUT1YK9TJY5+ZAwti1/mUJBNzgtRmB0St61g4hW36ho7wTeDQCwS20yWuE vFnrWHxV2ZIaw9JKt8mqdxRZrTVCiwBtg3odgjkXTkD5HX6A99mTod9VDv/h8
Authentication-Results: tana.it; auth=pass (details omitted)
Original-From: Alessandro Vesely <vesely@tana.it>
Received: from [172.25.197.111] (pcale.tana [172.25.197.111]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k, TLS: TLS1.3, 128bits, ECDHE_RSA_AES_128_GCM_SHA256) by wmail.tana.it with ESMTPSA id 00000000005DC083.000000005FE30ACE.000053D1; Wed, 23 Dec 2020 10:15:58 +0100
To: dmarc@ietf.org
References: <20201218023900.E73B82ACBB2B@ary.qy> <4a43ffaa-3987-c892-cce7-56f18888cdf5@tana.it> <39125012-e356-d62d-36fd-a7ff25a9f59f@taugh.com> <e6880ba9-f5f3-1050-25c0-658551187512@tana.it> <6bba023-d3d9-63a5-8441-11dac9a05e28@taugh.com> <74051a64-871a-db72-b5d9-1be374e23015@tana.it> <a323077-9b64-555b-3561-62cdc93819fd@taugh.com> <a8281e16-9417-5189-df73-79ea0a865fbd@tana.it> <c713b9ae-a364-1ae0-e79-55f61624aa3d@taugh.com> <3034face-b6fc-0ce2-fa1b-f59210bd6f5b@tana.it> <46339b38-3b24-bcb7-5e73-8a97038ed69@taugh.com> <3997c81d-3b30-0823-a752-fb1d60a44593@tana.it> <448eeae1-2d82-91d3-4adf-cb547acd427a@mtcc.com> <c929bfa4-9b32-5099-01fa-078c56191571@tana.it> <0bf9fb2e-9974-4db3-3165-78508de3547c@mtcc.com> <44d92626-a13c-64e7-b1de-07cd50b1fd20@tana.it> <fff265af-16c0-9d75-c92f-ee438ae088b5@mtcc.com>
From: Alessandro Vesely <vesely@tana.it>
Message-ID: <74b57d51-1ec3-dd48-7747-a57a7d74c709@tana.it>
Date: Wed, 23 Dec 2020 10:15:58 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.12.0
MIME-Version: 1.0
In-Reply-To: <fff265af-16c0-9d75-c92f-ee438ae088b5@mtcc.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/9jNWeBN4Q_4a1nYZL69WhdF_HgM>
Subject: Re: [dmarc-ietf] Ticket #55 - Clarify legal and privacy implications of failure reports
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Dec 2020 09:16:06 -0000
On Tue 22/Dec/2020 20:41:06 +0100 Michael Thomas wrote: > On 12/22/20 10:59 AM, Alessandro Vesely wrote: >> >>> Sorry, having to ask for permission because of laws does not constitute a >>> "severe privacy concern". >> >> Except in the sense that they're called privacy laws. Do you have a better >> wording? > > I don't know what was wrong with the initial text. But it most certainly is not > a "severe privacy concern", especially if it is the originating domain getting > the report. It already saw the original message in the first place assuming it > wasn't spoofed, and if it was spoofed they are entitled to see it for forensics > if the receiving domain is willing to send it to them. It may happen that the ruf= address ends up at the same submission server that issued the original message, but that's not guaranteed. John mentioned a real example. >>> That is completely outside of the scope of IETF and we should be pandering >>> to it. >> >> Making specifications that cannot be legally abided by is in IETF scope? > > If the laws are unreasonable? Sure. We're not putting backdoors in for > encryption either. It's their laws, let them figure it out. Failure reporting is rather akin to backdoors, in the sense that it can be used for pervasive monitoring. IMHO, GDPR is long winded and lacks practical design elements that could have inspired privacy-protecting protocols, but its intent is certainly not unreasonable. > But you said that providers can get people to opt in, so that seem moot. I'd recommend that software implements failure reporting, leaving it disabled with the possibility to enable it by domain in case of need. However, such recommendation would be an addition to the protocol, so it is not going to make it to the spec. Best Ale --
- [dmarc-ietf] Ticket #55 - Clarify legal and priva… Alessandro Vesely
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… John Levine
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Alessandro Vesely
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… John R Levine
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Seth Blank
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Alessandro Vesely
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… John Levine
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Alessandro Vesely
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… John R Levine
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Alessandro Vesely
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… John R Levine
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Alessandro Vesely
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… John R Levine
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Alessandro Vesely
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… John R Levine
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Alessandro Vesely
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Michael Thomas
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… John R Levine
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Alessandro Vesely
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Michael Thomas
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Alessandro Vesely
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Kurt Andersen (b)
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Michael Thomas
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Alessandro Vesely
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Alessandro Vesely
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Dotzero
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… ned+dmarc
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… John R Levine
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Kurt Andersen (b)
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Murray S. Kucherawy
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… John R Levine
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… ned+dmarc
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Murray S. Kucherawy
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Dotzero
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… John R Levine
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Tim Wicinski
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Alessandro Vesely
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… John R Levine
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Alessandro Vesely
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Todd Herr
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Dotzero
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… ned+dmarc
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Todd Herr
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Michael Thomas
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Tim Wicinski
- Re: [dmarc-ietf] reporting documents, Ticket #55 … John R Levine
- Re: [dmarc-ietf] reporting documents, Ticket #55 … Tim Wicinski
- Re: [dmarc-ietf] reporting documents, Ticket #55 … Seth Blank
- Re: [dmarc-ietf] reporting documents, Ticket #55 … Michael Thomas
- Re: [dmarc-ietf] reporting documents, Ticket #55 … John Levine
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… John Levine
- Re: [dmarc-ietf] reporting documents, Ticket #55 … Hector Santos
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Alessandro Vesely
- Re: [dmarc-ietf] reporting documents, Ticket #55 … ned+dmarc
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Todd Herr
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… John Levine
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Murray S. Kucherawy
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Alessandro Vesely
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Alessandro Vesely
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Michael Thomas
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… ned+dmarc
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Michael Thomas
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… ned+dmarc
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… John Levine
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Michael Thomas
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Michael Thomas
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Alessandro Vesely
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… John Levine
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Michael Thomas
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Douglas Foster
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… John Levine
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Jim Fenton
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Laura Atkins
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Alessandro Vesely
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… John Levine
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… John R Levine
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Alessandro Vesely
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… John R Levine
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Alessandro Vesely
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Alessandro Vesely
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Alessandro Vesely
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… John R Levine
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Michael Thomas
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Alessandro Vesely
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… John Levine
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Douglas Foster
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Dave Crocker
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Alessandro Vesely
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Alessandro Vesely
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… John R Levine
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Douglas Foster
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Alessandro Vesely
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Alessandro Vesely
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Laura Atkins
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… John Levine
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Dave Crocker
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Michael Thomas
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Alessandro Vesely
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Douglas Foster
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Jim Fenton
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Paypal security confirm your password now
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Kurt Andersen (b)
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Jim Fenton
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Dave Crocker
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Michael Thomas
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Dave Crocker
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Michael Thomas
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Dave Crocker
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Michael Thomas
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Dave Crocker
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Michael Thomas
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Dave Crocker
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Michael Thomas
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Dave Crocker
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Michael Thomas
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Dave Crocker
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Michael Thomas
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Dave Crocker
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Michael Thomas
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Dave Crocker
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Douglas Foster
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Michael Thomas
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Dave Crocker
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Michael Thomas
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Dotzero
- Re: [dmarc-ietf] Header Rewriting Laura Atkins
- Re: [dmarc-ietf] Header Rewriting Douglas Foster
- Re: [dmarc-ietf] Header Rewriting Laura Atkins
- Re: [dmarc-ietf] Header Rewriting Dave Crocker
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Michael Thomas
- Re: [dmarc-ietf] Header Rewriting Michael Thomas
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Dotzero
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Michael Thomas
- Re: [dmarc-ietf] Header Rewriting Michael Thomas
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Dotzero
- Re: [dmarc-ietf] Header Rewriting Laura Atkins
- Re: [dmarc-ietf] Header Rewriting Michael Thomas
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Michael Thomas
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Murray S. Kucherawy
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Dave Crocker
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Dave Crocker
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Michael Thomas
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Dave Crocker
- Re: [dmarc-ietf] Header Rewriting John Levine
- Re: [dmarc-ietf] Header Rewriting Douglas Foster
- Re: [dmarc-ietf] Header Rewriting Douglas Foster
- Re: [dmarc-ietf] Header Rewriting Douglas Foster
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Alessandro Vesely
- Re: [dmarc-ietf] Header Rewriting Alessandro Vesely
- Re: [dmarc-ietf] Header Rewriting John Levine
- Re: [dmarc-ietf] Ticket #55 - Clarify legal and p… Dave Crocker