Re: WG Review: Domain-based Message Authentication, Reporting & Conformance (dmarc)

[S Moonesamy <sm+ietf@elandsys.com>]

Hi Martin,
At 10:48 18-07-2014, Martin Rex wrote:
>The issuer of a DMARC policy (who publishes the DNS records) is
>a legal third party to the transfer of an EMail message from an SMTP sender
>to an SMTP receiver.  Revealing information about communication between
>two parties (including unsuccessful communication attempts) to an outside
>third party (such as a "domain owner who issues DMARC policy records") is
>unconditionally illegal for telecommunications service providers.
>
>Looking at the communication contents will also close to always be illegal.
>The telecommunication service provider is only entitled to process the
>"traffic data", which in case of SMTP EMail is strictly limited to the
>IP addresses and TCP ports of the communication peers _plus_ the SMTP
>Envelope (aka MAIL FROM: and RCPT TO:), the rfc5322-From: is part of
>the communication content and off-limits to the telecommunication service
>provider.  Processing of the contents for any other purpose than what is
>necessary for transfering the bits from sender to receiver will be
>unconditionally illegal, collecting such data and reporting it to an
>outside third party doubly so.

The proposed charter mentions "privacy issues".  I guess that the 
above issues would be considered as privacy issues.  The side topic 
would be the surveillance stuff.  The existing IETF RFCs about email 
basically say that content is transparent to whomever wants to read 
the communication between the ends.  The proposed charter does not 
set that topic as out of scope.  My interpretation of the proposed 
charter is that these are the sort of issues which the proposed 
working group will be working on.

Regards,
S. Moonesamy