Re: [dmarc-ietf] Ticket #55 - Clarify legal and privacy implications of failure reports

Alessandro Vesely <vesely@tana.it> Sun, 20 December 2020 11:48 UTC

To: John R Levine <johnl@taugh.com>, dmarc@ietf.org
References: <20201218023900.E73B82ACBB2B@ary.qy> <4a43ffaa-3987-c892-cce7-56f18888cdf5@tana.it> <39125012-e356-d62d-36fd-a7ff25a9f59f@taugh.com>
From: Alessandro Vesely <vesely@tana.it>
Message-ID: <e6880ba9-f5f3-1050-25c0-658551187512@tana.it>
Date: Sun, 20 Dec 2020 12:47:56 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/M_m6UVB8q5nPBONvEzIjt0AWyqA>

On Fri 18/Dec/2020 21:05:43 +0100 John R Levine wrote:
>> Info which is encoded in such a way that only the sender can understand raises 
>> no PII concern, IMHO.  A sender could cache sent messages and devise how to 
>> encode the corresponding filenames in DKIM selectors.  Reporting just the 
>> failed signature would leak the whole message by reference.  So what?
> 
> Now he knows which forwarded recipients are talking with his users.


Are failure reports about forwarded messages still useful?  If not so much, 
perhaps we could deplore them.

Keeping the target of forwarded messages private needs to be addressed at 
emailcore as well, though.  Regular bounces leak the same info.


Best
Ale
--