Re: Scope for self-destructing email?
vaibhav singh <vaibhavsinghacads@gmail.com> Wed, 16 August 2017 04:50 UTC
Return-Path: <vaibhavsinghacads@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D1D591321A5 for <ietf@ietfa.amsl.com>; Tue, 15 Aug 2017 21:50:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SGueAJEUuygL for <ietf@ietfa.amsl.com>; Tue, 15 Aug 2017 21:50:52 -0700 (PDT)
Received: from mail-it0-x22f.google.com (mail-it0-x22f.google.com [IPv6:2607:f8b0:4001:c0b::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3A420131D19 for <ietf@ietf.org>; Tue, 15 Aug 2017 21:50:52 -0700 (PDT)
Received: by mail-it0-x22f.google.com with SMTP id 76so13037197ith.0 for <ietf@ietf.org>; Tue, 15 Aug 2017 21:50:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=cow4/hqjUgzgfjhx1bbuCnTh7JSAohIPAzOlWm2qWRM=; b=KjJVLKWmqAzmG87QMQvkHuFXTTx7qKI+YwKJ72zUGKxEE9C7EJuwZBkddjPEDZXN8H ex8TtlPSBSDk3dHsNKMP8eBqGa2LCAhmDgghkoNwTJHQfXGH66x419Mb/NVojKZ1Dobw +Ur9GbymYS2Zep7MbMs9mdqtOGS6Q56KsgqR/VIONWZdHWSL5tA5FmgbxzI8Q7TG1/Gc T+GtYUmZUZMG11l6d55aW4R7Ac6k3DkJOEVEeUJHaxunpp/L3iV0ECROAuW83faLnONU NXDELGKr+rKhqi+0EwSNS+Vc6mg+e5zua/N7ekgVATHCoHH0fuofICstv4JLKyjJiq7b /neg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=cow4/hqjUgzgfjhx1bbuCnTh7JSAohIPAzOlWm2qWRM=; b=PKtPDFUPlrKRjo1lyF/JyHAL/cfJMBXZ+9VWaWPt3jz1ZocgEobruDigrPnq5hAmRy TFIR2BA23pw8C8GkRgtLMPfSGfuYYmHIW268RHC0EPxke3diG+jUqvLrBtxfRfyPe8hI NXibNdejLIkX9eI1NwUrMC2tnUOCEd5wcOkFJC7lwHoS3nDD2nl7x9rv2wdSS+7gFBLs y0D9VveaP14+XpT6TBBXzUDL2+lTVTW1LMthwNBod4MaxAW3EZioY5jnHyJtZNLqEHx6 da/0VV4sUhB2PkS+r8g7eggd2uy1aAfeqdVMC1vMEyJfiTvXNIXE6K+R76r9D8oN0iu8 4/Cg==
X-Gm-Message-State: AHYfb5ggVmVE5rOTh82YuJQgZl8Rl4WxMlKZVuEKuhOzze4L2CVq9kfs YBs4PT6/3y+7PiqaBfQsqeqRWNHDB1wvaPo=
X-Received: by 10.36.54.77 with SMTP id l74mr767274itl.148.1502859051501; Tue, 15 Aug 2017 21:50:51 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.79.0.208 with HTTP; Tue, 15 Aug 2017 21:50:50 -0700 (PDT)
In-Reply-To: <b1289123-04ac-e62b-879e-614fae9b20b0@bogus.com>
References: <CACZ1GipivEf31iHchaM1OPFQF4QkfVRGVNsY_vVx=J8oFZ0JZA@mail.gmail.com> <b1289123-04ac-e62b-879e-614fae9b20b0@bogus.com>
From: vaibhav singh <vaibhavsinghacads@gmail.com>
Date: Wed, 16 Aug 2017 10:20:50 +0530
Message-ID: <CACZ1GiooBdEZ_YcBZPQNFkbT0DsGf-Cu25fPYzWcLamLUAH+TA@mail.gmail.com>
Subject: Re: Scope for self-destructing email?
To: joel jaeggli <joelja@bogus.com>
Cc: "ietf@ietf.org Discussion" <ietf@ietf.org>
Content-Type: multipart/alternative; boundary="001a1144d62ce9a5400556d7a33c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/SviqyVp5JYzlcG1k1nGfqqXzb5M>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Aug 2017 04:50:55 -0000
On Tue, Aug 15, 2017 at 8:42 AM, joel jaeggli <joelja@bogus.com> wrote: > On 8/14/17 12:01, vaibhav singh wrote: > > Hi, > > > > As some of you may already know, General Data Protection Regulation > > (GDPR), about to be enforced in the EU within months, and calls for > > strict regulations for Right to rectify communications, Right to be > > forgotten , Pseudonymisation and Data portability. > > > > With regards to this, me and my friends were thinking about the idea of > > a self-destructing email, wherein the sender will mark the mail to be > > destroyed (expunged from the server) once the receiver(s) have finished > > reading it/after a time period chosen by the sender. > > > > Another enhancement to this idea was a notification which will be sent > > from some (Exploding email RFC) compliant MUA, in case the receiver > > refuses to delete the email from the client. (I know Snapchat is a poor > > example here, but they apparently send notifications to the originator > > of the snap in case any receiver tries to capture the screenshot of the > > snap. This is, in theory, what we are trying to do here). > > > > I would also like to know about things (working groups, internet drafts > > etc) which are being done to enforce GDPR to > > email and Instant Messaging especially. > > In order that you have some assurance that the demands provided at the > input side are honored on the receipt side you need effectively > end-to-end control over the system, that is the sender, receiver, and > any intermediate hops are part of the same administrative domain such > that any control imposed is actually implemented. That might be > practical for an email system but not generally for the email system. > > > > We found an archived thread of a similar proposal for XMPP being made in XMPP Standards list as well. There were a couple of neat outcomes from that discussion, which I would like to present here as well. There were a couple of improvements/compromises we were thinking: 1.) The popular opinion is that this will be unenforceable on the client; we can actually drop the idea of clients being forced to clean up those messages altogether. Our initial plan to propose this was to let the sender of the email decide whether he wants to store his emails on the server or not; that would be what we will be focusing on then. 2.) Matthias suggested a way to implement feature discovery for this: *Have a central list (possibly mentioned in the documentation of this) of IPs and domains that really support this feature (a central registry that maintains the list would test if it really works; I'd offer that my company can do this but that would have to be decided by the public). If a SMTP server advertises the feature and it is on the list send the mail without any warnings, if it advertises it but is not on the list warn the user that the server might potentionally fake the ability to do this. If it does not advertise the feature but is on the list warn the user that the server may not have the ability. If it neither is on the list nor advertise the feature ask the user if they want to send the email without self-destruction enabled.* This seems to work for me. Any problems which could come up with having a central authority for this feature? 3.) We may have to assume that the sender and receiver of the mail are trusted; this would mean that the mail may have to be encrypted prior to sending: *Encryption would allow you to establish a level of trust with the recipient. I.e. you encrypt the message and mark it for ‘self destruct’. You then have to trust the recipient to destroy it (but at least you don’t have to trust every server along the way). This gives you some level of reassurance that the message will be destroyed, assuming the recipient is trustworthy (and runs trustworthy clients).* 4.) A really boiled down version of ephemeral mails could just mark the mail "outdated" if the information provided in the mail is not expected to hold good after some time, instead of actually expunging the mail. *why not try to accommodate both realitys and define a feature which is called "Invalidation of Messages" or similar instead of "Destructible Messages". The goal of this feature should be to mark messages in a way, that the client somehow can mark the message as "not being relevant anymore" or something like that. So it could still be displayed but grayed out for example telling the receiver that the message can be ignored. Additionally there could then be added an attribute "deletionrequest" which can be set for clients which really want to have destructible messages like Signal does.* Any thoughts? -- Regards, Vaibhav Singh
- Scope for self-destructing email? vaibhav singh
- Re: Scope for self-destructing email? Matthias Merkel
- Re: Scope for self-destructing email? Dave Cridland
- Re: Scope for self-destructing email? Matthias Merkel
- Re: Scope for self-destructing email? Matthew Pounsett
- Re: Scope for self-destructing email? Warren Kumari
- Re: Scope for self-destructing email? Matthias Merkel
- Re: Scope for self-destructing email? Randy Presuhn
- Re: Scope for self-destructing email? Martin Rex
- Re: Scope for self-destructing email? Brian E Carpenter
- Re: Scope for self-destructing email? John C Klensin
- Re: Scope for self-destructing email? John Levine
- Re: Scope for self-destructing email? joel jaeggli
- RE: Scope for self-destructing email? Michel Py
- Re: Scope for self-destructing email? John Levine
- Re: Scope for self-destructing email? Theodore V Faber
- Re: Scope for self-destructing email? vaibhav singh
- Re: Scope for self-destructing email? Ted Hardie
- Re: Scope for self-destructing email? Matthias Merkel
- Re: Scope for self-destructing email? John C Klensin
- Re: Scope for self-destructing email? Matthias Merkel
- Re: Scope for self-destructing email? John C Klensin
- Re: Scope for self-destructing email? Warren Kumari
- Re: Scope for self-destructing email? Ted Hardie
- Re: Scope for self-destructing email? Brian E Carpenter
- Re: Scope for self-destructing email? Lyndon Nerenberg
- Re: Scope for self-destructing email? Phillip Hallam-Baker
- Re: Scope for self-destructing email? Deen, Glenn (NBCUniversal)
- Re: Scope for self-destructing email? Phillip Hallam-Baker
- Re: Scope for self-destructing email? Christian Huitema
- Re: Scope for self-destructing email? Gary E. Miller
- Re: Scope for self-destructing email? Michael Richardson
- Re: Scope for self-destructing email? John C Klensin
- Re: Scope for self-destructing email? Phillip Hallam-Baker
- Re: Scope for self-destructing email? John Levine
- Re: Scope for self-destructing email? ned+ietf
- Re: Scope for self-destructing email? Adam Roach
- Re: Scope for self-destructing email? Phillip Hallam-Baker
- Re: Scope for self-destructing email? Phillip Hallam-Baker
- Re: Scope for self-destructing email? John R Levine
- Re: Scope for self-destructing email? Toerless Eckert
- Re: Scope for self-destructing email? Lloyd Wood
- Email client APIs. features. amd siupport (was: R… John C Klensin
- Re: Email client APIs. features. amd siupport (wa… Toerless Eckert
- Re: Email client APIs. features. amd siupport (wa… Phillip Hallam-Baker