Re: [dmarc-ietf] Ticket #55 - Clarify legal and privacy implications of failure reports

Dave Crocker <dcrocker@gmail.com> Tue, 05 January 2021 22:07 UTC

Return-Path: <dcrocker@gmail.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A95763A09B5 for <dmarc@ietfa.amsl.com>; Tue, 5 Jan 2021 14:07:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.36
X-Spam-Level:
X-Spam-Status: No, score=-2.36 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, NICE_REPLY_A=-0.262, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S2KsE_7aII-5 for <dmarc@ietfa.amsl.com>; Tue, 5 Jan 2021 14:07:05 -0800 (PST)
Received: from mail-pf1-x430.google.com (mail-pf1-x430.google.com [IPv6:2607:f8b0:4864:20::430]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 777443A0983 for <dmarc@ietf.org>; Tue, 5 Jan 2021 14:07:05 -0800 (PST)
Received: by mail-pf1-x430.google.com with SMTP id a188so525320pfa.11 for <dmarc@ietf.org>; Tue, 05 Jan 2021 14:07:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding:content-language; bh=qQtjjPf7o4pzeQGmw+mkJZ915EhUX+n5KSnT61Q5DIQ=; b=C+MvWiJdrynvfuqSfcpPiIwTlNeNkvfOH5mXViZlx6CUVrSxs8KQTa6oUZWMfNOoGi OR6ithSkUXpyxUXRCZ+uMFeaZwGscs1INDmGSy9uq0GFvPsb3BW6oqrJQcAP2rT4SCjA 5fh/ne6kumI3VsK04U+HxOOsjmS4y6tl0HW05G0KicdWijAe4GmTFjXQwy4uX3fBEaHY XPikx0B3K1JsHb46ojoM8kJLERZVBOkNf/9uAIEmvp/11F1X+/zdtYL2+/tVnRBzUtBi WWikFJefhufjv4jPkYPLV/T9CO0gSVDQBjfMzT7Nujdn9Bg6Dg+49PAaIzkmXR4xJaBR D9Sg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=qQtjjPf7o4pzeQGmw+mkJZ915EhUX+n5KSnT61Q5DIQ=; b=t0RCbjmYXQOkpcSmWZtAs+hwNe6Gh4fgSa3IRWl0tJx6w8tSSC5tBHZZdxfknF9eOs BD2QS39lUp2F5tWuxmthVfoyataA4I0e2DCoXzaUrURFJrjfF6oG5+a49VBYsawPmtS/ Q7v6F+wJxEEcj58OyoYeaijisu45pLXNTHkYFecFBokk5FcvKEgX/Q1To8xAlmAyh3aU xTPudEZttZOfYsodJsMgbPmps5voH6Gs9Vg/nhy4yd9YzU1ywqyMfr+jZgBVQMqzB7MF eZ2gpmeFxn/1vNM5LiN2UcGiKW731WjuS1BmvZfyfCg1ULVqMHdjgvT6v7xiR8s0Qg5G 4SEg==
X-Gm-Message-State: AOAM5302laqStS0ZEWGfms9peH8pdMuWu6GIC4LILzNCYFjLLyeYuvVP VxfSVr0jps6Q4KnpE5IDZ6ib3mEIeV8=
X-Google-Smtp-Source: ABdhPJwjRaHfyeOKJnsyxc3g/oFsUHodxg6T49Vm0Wz7KJYfPIj3A+F5spAvEsYuZ7eJNHMRyYQ44A==
X-Received: by 2002:a65:434c:: with SMTP id k12mr1192723pgq.373.1609884423592; Tue, 05 Jan 2021 14:07:03 -0800 (PST)
Received: from [192.168.0.109] (c-24-130-62-181.hsd1.ca.comcast.net. [24.130.62.181]) by smtp.gmail.com with ESMTPSA id y9sm183798pjt.37.2021.01.05.14.07.02 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 05 Jan 2021 14:07:03 -0800 (PST)
To: Michael Thomas <mike@mtcc.com>, dmarc@ietf.org
References: <20210104174623.2545154CFF9F@ary.qy> <FD45F9FC-46B0-40A9-ADC6-DDD7650D62F2@bluepopcorn.net> <ae77d9f-6f63-16ca-903a-7cb463a7b58d@taugh.com> <CABuGu1o2t7WaEOh+nsx3_MRUGgGHqKHzQ9302FM9-HL0GxvJvA@mail.gmail.com> <f15c8f53-8075-99a1-83c7-f687200e6a94@gmail.com> <f640ee95-ba0a-6aa7-1a14-2af1db151e27@mtcc.com> <050e8614-c088-a165-a733-35c5eee52eed@gmail.com> <cd3a41e8-cc4f-05eb-5c86-47b0047e8d08@mtcc.com> <d9e23994-8666-5c3f-3e42-9a12a2ed6daf@gmail.com> <974f9dcd-33ec-9d11-7857-3a473f994a2c@mtcc.com> <72d6bc7d-6862-8184-9f16-e1cc14120239@gmail.com> <f9244f50-8748-a395-a412-ca82bfe6bbea@mtcc.com> <4f2250f2-cc1c-5c3e-3d64-fa0e8b4ad086@gmail.com> <fcd84963-48dd-1fd0-a754-769f8cd7b58c@mtcc.com>
From: Dave Crocker <dcrocker@gmail.com>
Message-ID: <cba89cdb-40c6-48ff-45a0-287117a90385@gmail.com>
Date: Tue, 05 Jan 2021 14:07:01 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.6.0
MIME-Version: 1.0
In-Reply-To: <fcd84963-48dd-1fd0-a754-769f8cd7b58c@mtcc.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/r7unHaCXKKFeotbjU1pL-Jx4f_o>
Subject: Re: [dmarc-ietf] Ticket #55 - Clarify legal and privacy implications of failure reports
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Jan 2021 22:07:07 -0000

On 1/5/2021 1:58 PM, Michael Thomas wrote:
> On 1/5/21 1:49 PM, Dave Crocker wrote:
>> On 1/5/2021 1:20 PM, Michael Thomas wrote:
>>> On 1/5/21 1:18 PM, Dave Crocker wrote:
>>>> On 1/5/2021 12:55 PM, Michael Thomas wrote:
>>>>> It also says with actual data that your assertion that users can't 
>>>>> be trusted for anything is not correct.
>>>> I didn't say that.  And it didn't say that.
>>> "Also, receiver filtering engines are all that matter." The word all 
>>> includes human beings. That's the nature of "all".
>> 1. In terms of average use for typical email, it is.
> What study asserts that for email? You wouldn't take my word for it if 
> I said that. But of course I wouldn't make a categorical statement 
> without empirical evidence.

You seem to be seeing a requirement to prove the negative, while the 
actual requirement is to prove the positive.  A claim that there is 
meaningful efficacy, for average recipients, by having visual trust 
indicators, requires affirmative demonstration that there is.  There is 
no requirement to prove there isn't.  My point is that we have decades 
of belief that it's useful but no demonstration that it actually is.  
And we have history such as the EV effort, showing that it isn't.

Your focus on email, as somehow distinctive, would need some basis for 
ignoring the web experience.  Feel free to provide it.


> You really should read the paper.

Your implication that I haven't is both odd and troublesome.


d/

-- 

Dave Crocker
dcrocker@gmail.com
408.329.0791

Volunteer, Silicon Valley Chapter
American Red Cross
dave.crocker2@redcross.org