[dmarc-ietf] Ticket #64 - Contained Data PII Concerns

"Brotman, Alex" <Alex_Brotman@comcast.com> Fri, 12 February 2021 20:31 UTC

Return-Path: <Alex_Brotman@comcast.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 28C373A0E4A for <dmarc@ietfa.amsl.com>; Fri, 12 Feb 2021 12:31:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.08
X-Spam-Level:
X-Spam-Status: No, score=-2.08 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_FILL_THIS_FORM_FRAUD_PHISH=0.01, T_FILL_THIS_FORM_SHORT=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=comcast.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4GQPMa8sLt4K for <dmarc@ietfa.amsl.com>; Fri, 12 Feb 2021 12:31:04 -0800 (PST)
Received: from mx0b-00143702.pphosted.com (mx0b-00143702.pphosted.com [148.163.141.77]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 64CE43A0E30 for <dmarc@ietf.org>; Fri, 12 Feb 2021 12:31:04 -0800 (PST)
Received: from pps.filterd (m0156896.ppops.net [127.0.0.1]) by mx0b-00143702.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 11CKM0XH024197 for <dmarc@ietf.org>; Fri, 12 Feb 2021 15:31:03 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.com; h=from : to : subject : date : message-id : content-type : content-transfer-encoding : mime-version; s=20190412; bh=H7bdHaovElKCs6AeUBjcz4pbJzGT++INDBq9ZxFBd+4=; b=OEDf/mHrWZ82NStLx7Nf2/RfCdfoDpjdZFkKbqfgR3nSeJhlC57rCEG29Fa/u9eu8nTx H4d1K9Q4Fj6S569UdRrLvCiHjpIDN8TeQF4+EIrMJT7oSJf7sBpq2uIUqrxwa4gLwhfG NQiPGGTDd2anJNulYVaiMzkPO+3gf0mU6D2hRU/7dFT7c0rTX9DnOiI3UzYGZQxw6V1X vwk8HsmX+ysNNPyVJdzbvKAiQxhB243QVjROScHPI2tfNp0GXV69Y4H0sU/nF4qBDemp ISnaGA1tUwqrPGOiQof68ca2+9YIEDzNPmG6bMKciSUQYk8+sBzeRq7wkxo0kJguzd8Y ew==
Received: from copdcexc33.cable.comcast.com (dlppfpt-po-1p.slb.comcast.com [96.99.226.137]) by mx0b-00143702.pphosted.com with ESMTP id 36nux428jh-6 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for <dmarc@ietf.org>; Fri, 12 Feb 2021 15:31:02 -0500
Received: from copdcexc33.cable.comcast.com (147.191.125.132) by copdcexc33.cable.comcast.com (147.191.125.132) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1713.5; Fri, 12 Feb 2021 13:30:56 -0700
Received: from COPDCEXEDGE01.cable.comcast.com (96.114.158.213) by copdcexc33.cable.comcast.com (147.191.125.132) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1713.5 via Frontend Transport; Fri, 12 Feb 2021 13:30:56 -0700
Received: from NAM04-BN8-obe.outbound.protection.outlook.com (104.47.74.46) by webmail.comcast.com (96.114.158.213) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Fri, 12 Feb 2021 15:30:14 -0500
Received: from MN2PR11MB4351.namprd11.prod.outlook.com (2603:10b6:208:193::31) by MN2PR11MB4256.namprd11.prod.outlook.com (2603:10b6:208:17b::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3846.25; Fri, 12 Feb 2021 20:30:38 +0000
Received: from MN2PR11MB4351.namprd11.prod.outlook.com ([fe80::2495:cfaf:88ca:6b2d]) by MN2PR11MB4351.namprd11.prod.outlook.com ([fe80::2495:cfaf:88ca:6b2d%7]) with mapi id 15.20.3846.027; Fri, 12 Feb 2021 20:30:38 +0000
From: "Brotman, Alex" <Alex_Brotman@comcast.com>
To: DMARC IETF <dmarc@ietf.org>
Thread-Topic: Ticket #64 - Contained Data PII Concerns
Thread-Index: AdcBfLdYcAd1ycC0TvWJKBD11cOyeg==
Date: Fri, 12 Feb 2021 20:30:38 +0000
Message-ID: <MN2PR11MB435185A171029EF4282A2BF4F78B9@MN2PR11MB4351.namprd11.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=comcast.com;
x-originating-ip: [2601:43:101:380:a087:5815:a25c:3021]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 3123e50b-e594-498b-80e0-08d8cf950f22
x-ms-traffictypediagnostic: MN2PR11MB4256:
x-microsoft-antispam-prvs: <MN2PR11MB425690BA922659A1220D8FF8F78B9@MN2PR11MB4256.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: rCpSnKRwj4F1CpM5f3/uXls5aEB8dDr4Ns0C6krKYShuO9yyxubmixgd7k2pAyjHlx3mjL1QOk27BM/m6VIA4Q6iHD6LKUCPfXAXphodM1B4d8tdVUUtg+48tIDZw2fRpeCa0zEujGWXwi2nA9/nHIZpocQMXKqBj0uIGiS/TiBAsySmcNbSrqVttZyIf8qXaEfuZZNCrkl246RtFtZoOaDkNR/GNrXwwdJM6pWFL6TdZHq/+M6MCSbr+CRJXItI8iMLnLQGYKaQikvdbSrDgT6aEyps3ipZyBxWllfEQsYSQQS8F8ChvQPTEiW72usb0Dapm07QCZA6J7L/vQHbM98GV0uN+Fisky88pgUZUAga6zzxmIfFAaKNfelE+v7Ljqs00lL1EU/y/7iBttJmkCNJGCsdsWiPVbqfebcnSIhDLenPVleJd614CUUsOhog4Y7t4i87rUu0VQmmuiVlyYoR8MMSqg1EzkqekoHypZLQkZl+toWjbdG9USTPonIIENzWRpf15L7NqhcHUJ9XH1bVFZF8yyCzee81SLpfZbP2TWiNP7i7G5NzJ/jQDmErSSkfQRXeoQGkDpXeQ8hqa9o9dK6W3TPQKlo1g9eJYag=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR11MB4351.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(376002)(346002)(39860400002)(396003)(366004)(136003)(52536014)(33656002)(55016002)(2906002)(316002)(66946007)(6916009)(86362001)(8936002)(478600001)(64756008)(71200400001)(5660300002)(7696005)(66476007)(6506007)(9686003)(66556008)(66446008)(83380400001)(8676002)(186003)(76116006); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: =?us-ascii?Q?XYK8Oo6VsDeoSz088JwpCH7Il1t8saDIFfhnEU/HDIV6ZM4h38g04cKLzdaw?= =?us-ascii?Q?okgAG/9HRzmguedSHG8qdWFCmL9xeslY7lGWNJ7/Iv2LAMY4iHdUhSxWgUZG?= =?us-ascii?Q?SuuEaIjOj2k0qUGWBDV3uzGZaYNjQ30/6f8bT9hFUU7G7unBbQ6ri9SqAAlc?= =?us-ascii?Q?Q6NxhZlSaLzpyJ7MJOgyR0CziPAktxGjIbfTZxKt5M+hGLxWpC4wszJxpUJ1?= =?us-ascii?Q?AQFDvnpOdS/JUx7zjpGhY9U1FZxOVlO+k7wtamk0Lg1iqLpKfOYVzlNru4zn?= =?us-ascii?Q?6V9F3P9d0/Ix6hs3+txjMLlM/Fwm7tRsTKxkCI1yRPZsU6k/mvjnfVBJ2iFA?= =?us-ascii?Q?AlI2v5xhpkis+ZGreKFvnMVNVez77LSaEhWspsALrSG/IIctXMZglpkLPxBa?= =?us-ascii?Q?5tY6nsxpr17zpnffELHG2GBthyaVnWq7JIe6A/Nm40sBqKCUJQ80SOHTb4xU?= =?us-ascii?Q?7qN4aNUmmLrwR71mj7OhnA3gTynY4dEb1FV0HqLtQeRobjbrk2/SxFhYdGHL?= =?us-ascii?Q?9CWGlo7agTyouwgCQQYsqSgPYUnDy8rPIq0MkIWZi+diflcKM211ptMFZmOS?= =?us-ascii?Q?DqMqb0OIGWiCCONz7i1e07M6Aq6Ha0t4p1tg9tOqCmSqI9YKJlkNZqr0wNOm?= =?us-ascii?Q?ddIScCkaMYJx5e2K9uqH6ox2EJsnS5/Tv4lwJlLt0CiIbeA6p1izfYsM6yBj?= =?us-ascii?Q?iIwP9YXu990CF1DNkLDmQsgeZTHQ3I5sXOx8YaTfhLhUAgGiQlObvoWv9Nft?= =?us-ascii?Q?yJ0LAxhsKzb8S+1vmf9xaofTGXeVApZmMlIbJV+ddcUCdwSoAR56phPwWdEA?= =?us-ascii?Q?mi2loU+Yo8HLL2gZW006FSUTtEplRxZJYW/fRQdYEm+VHTguVH8cST22qtoB?= =?us-ascii?Q?ff8nWBbXsPWYJXWa0Im9sIqaqJAM89ZYjddsaj/HaryL6FFghrskkcl0ZUQK?= =?us-ascii?Q?rkrqLSmN5fwP+k+BzfKIEljllVYMapg55SGftj0BpOgfdHuN/dggqIuZIK0t?= =?us-ascii?Q?d1oDHmOiBUmpcG8gLwe3r2Oyn+Bh+92dZUvaAvivPGSMBnYzcOAHvTV4SMg+?= =?us-ascii?Q?ZhQ46Cp9QgFpHSd17XXgFGGohcwByvMUKS6ShTd5KkmZknYagCMWexkJqTID?= =?us-ascii?Q?iy6W+zx+qB3eYugrYLsvanbuDhv1Tz06bQjWex+POkgEeJaAC8fhUxNNh7bM?= =?us-ascii?Q?L1ZPWOxa4WXCen1jbDAhS8Xmb5YDDKNh1mkhyzPHU7rf4WUCjmlEH0TxKLnt?= =?us-ascii?Q?7yaBYGU5idAY9KjFeJ5aE7OX8rXjn1A8b17ojsJjiWMWZdkBjPSZzPE7RXJj?= =?us-ascii?Q?qTFBp7jR8l9Be5/jgab5ue5kRrqgWVDDMoO9eWLUcLh00psJCqKOTBU7yjCF?= =?us-ascii?Q?7V7Gfnw=3D?=
x-ms-exchange-transport-forked: True
arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mplNaI4PtRCxsbKhisqqhvoTx3PjncPENzeuPKjU4hvrYrPPkn4NqHRsx7XwDNHKz3XpGjtzqD1JbrTOSEZo9m5Ah8/MbZS0fHLgtxS+UY5dx5laeTliDInmgm8+tu9Dl3FOOCYorb++BVans54vc2BxOR/Fz7BWhEBCVVP49tpHL9ylyzyjRzQ0sUdKnyma9XUOjwSwE8WjHPlEG7Qjy9iiEI4a/RViLdHzHq5pedZuP++ePfWEgl9LXIrUM+8s32K6/9lF6+KivePnEI+Vrsu2LLXdp0oUmBCzmCCxjX4M8has0vddFIFBuIhqx11qeMRPMvi10NZyF6Dz+drB9w==
arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xtQukliN6nFavVxFnB1DUhUo8Ow9mYgrt5zn8lw0nLM=; b=i6KzPesy6pxxoHdc0ahl3wcjr3lwJqdfHr7N7/05inznAvTXfDvKYEwLyKMUQGwIsXva6mOAW+NIarC5RHjxAY/z2LmSMT4q/9vzTyfUKgll/nqp+FeiRmMvx49LDS15BRXjFAhAhiayRTcqry1LBhgl5SdFNb/o7UI1s+2oFI6YqcvGuODQFd87Sx0KlygI1ophnBZS3DzZFKU2bDzAH/wGJvTHuUo5Tsuzi4hEkOh1mT6hJRnQEZUlFtzmpdabzflmmxpROj/XdR8tTlV76YgkPOUqZNnJRzXnBssU/8BvJt/6yAtBCnanWjAKWbDDAOtFgTzBBMTJGZ6LPDFO4A==
arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=comcast.com; dmarc=pass action=none header.from=comcast.com; dkim=pass header.d=comcast.com; arc=none
x-ms-exchange-crosstenant-authas: Internal
x-ms-exchange-crosstenant-authsource: MN2PR11MB4351.namprd11.prod.outlook.com
x-ms-exchange-crosstenant-network-message-id: 3123e50b-e594-498b-80e0-08d8cf950f22
x-ms-exchange-crosstenant-originalarrivaltime: 12 Feb 2021 20:30:38.2442 (UTC)
x-ms-exchange-crosstenant-fromentityheader: Hosted
x-ms-exchange-crosstenant-id: 906aefe9-76a7-4f65-b82d-5ec20775d5aa
x-ms-exchange-crosstenant-mailboxtype: HOSTED
x-ms-exchange-crosstenant-userprincipalname: wvdd1UFZLye/5DJjYZPnt1E456lt8WDKaw/Bt0yL1HZhnXIBO1LQRWIbF2gV8BeKu4POqlsyLtpzqIX8V8GZ5uHUOt6E69Jk+dok9PkyUPQ=
x-ms-exchange-transport-crosstenantheadersstamped: MN2PR11MB4256
x-originatororg: comcast.com
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-CFilter-Loop: Forward AAETWT
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.369, 18.0.737 definitions=2021-02-12_09:2021-02-12, 2021-02-12 signatures=0
X-Proofpoint-Spam-Reason: safe
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/UlPNMwUoeq0pfMe8gUJMvYn76iI>
Subject: [dmarc-ietf] Ticket #64 - Contained Data PII Concerns
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Feb 2021 20:31:13 -0000

Hello folks,

In ticket #64 (https://trac.ietf.org/trac/dmarc/ticket/64), it was suggested that a Privacy Considerations section may alleviate some concerns about the ownership of the data.  I created an initial attempt, and thought to get some feedback.  I didn't think we should go too far in depth, or raise corner cases.  Felt like doing so could lead down a rabbit hole of trying to cover all cases. This would go within a "Privacy Considerations" section.

* Data Contained Within Reports (#64)

Within the reports is contained an aggregated body of anonymized data pertaining
to the sending domain.  The data is meant to aid the report processors
and domain holders in verifying sources of messages pertaining to the
5322.From Domain.  The data should not contain any identifying
characteristics about individual senders or receivers.  An entity
sending reports should not be concerned with the data contained as
it should not contain PII (NIST reference for PII definition), such as email addresses or
usernames.

Does this seem a reasonable start?  Thanks for your time.

--
Alex Brotman
Sr. Engineer, Anti-Abuse & Messaging Policy
Comcast