Re: Scope for self-destructing email?

Dave Cridland <dave@cridland.net> Mon, 14 August 2017 19:16 UTC

From: Dave Cridland <dave@cridland.net>
Date: Mon, 14 Aug 2017 20:16:12 +0100
Message-ID: <CAKHUCzxja6D8jXz_kR6VaGZ21xNV0aw200956f9ESb-5NkhNEA@mail.gmail.com>
Subject: Re: Scope for self-destructing email?
To: vaibhav singh <vaibhavsinghacads@gmail.com>
Cc: "ietf@ietf.org Discussion" <ietf@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/lGZijn5fGZJcTKTzhEfHW0yLwrQ>
List-Id: IETF-Discussion <ietf.ietf.org>

On 14 August 2017 at 20:01, vaibhav singh <vaibhavsinghacads@gmail.com> wrote:
> With regard to this, my friends and I were thinking about the idea of a
> self-destructing email, wherein the sender will mark the mail to be
> destroyed (expunged from the server) once the receiver(s) have finished
> reading it/after a time period chosen by the sender.
>
> Another enhancement to this idea was a notification which will be sent from
> some (Exploding email RFC) compliant MUA, in case the receiver refuses to
> delete the email from the client. (I know Snapchat is a poor example here,
> but they apparently send notifications to the originator of the snap in case
> any receiver tries to capture the screenshot of the snap. This is, in
> theory, what we are trying to do here).
>

It's pretty much unenforceable. It is, however, theoretically possible
to build a mechanism to request the later deletion of a message using
MSGTRACK (RFC 3885) as a basis - but that's likely to be merely a
means to let others know you made an error rather than a real way to
delete a message.

> I would also like to know about things (working groups, internet drafts etc)
> which are being done to enforce GDPR to
> email and Instant Messaging especially.

In Instant Messaging, things are slightly different.

Because there's an online, synchronous communications path,
protocols like XMPP can use "Perfect Forward Secrecy" techniques to
limit access to the original message, and protocols such as OTR, "The
Signal Protocol", and OMEMO all deliberately prevent non-repudiation
post-facto.

Therefore after a conversation, it is difficult to decrypt the
messages (you'd need to persistently store ephemeral keys) and
impossible to strictly prove that the message as captured was not
simply a forged log (although since computer logs are usually
admissible evidence, this is of debatable use).

In terms of Pseudonymity, XMPP builds this into chatrooms (XEP-0045)
and is making this slightly better in its replacement, MIX (XEP-0369).

However, all of these still boil down to keeping honest users honest -
the GDPR applies to people and organisations, and not to computer
systems per se. It means we (system and protocol developers) are
required to consider these use-cases to remain relevant, certainly,
but the actual compliance with these laws is a matter for the end user.

Dave.
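
The two properties described in the message above, forward secrecy and the lack of post-facto non-repudiation, shown as an added example that is not part of the original email and is not code from OTR, the Signal Protocol or OMEMO. A hash-chain key ratchet with a shared-key MAC stands in for those protocols' mechanisms; the names `Ratchet`, `seal`, `unseal`, the toy keystream and the sample secret are all assumptions made for illustration.

```python
import hashlib
import hmac

def prf(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

class Ratchet:
    """One-way key chain: each step overwrites the chain key, so keys for
    earlier messages cannot be recomputed from the current state."""
    def __init__(self, shared_secret: bytes):
        self.chain = shared_secret

    def step(self):
        enc, mac = prf(self.chain, b"enc"), prf(self.chain, b"mac")
        self.chain = prf(self.chain, b"next")  # previous chain key is discarded
        return enc, mac

def keystream_xor(key: bytes, data: bytes) -> bytes:
    # Toy stream cipher for this demo only; real protocols use an AEAD.
    pad = b"".join(prf(key, i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, pad))

def seal(r: Ratchet, msg: bytes):
    enc, mac = r.step()
    ct = keystream_xor(enc, msg)
    return ct, prf(mac, ct)

def unseal(r: Ratchet, ct: bytes, tag: bytes):
    enc, mac = r.step()
    if not hmac.compare_digest(tag, prf(mac, ct)):
        raise ValueError("MAC check failed")
    return keystream_xor(enc, ct), enc, mac

def demo():
    secret = b"constructed shared secret"  # sample value, stands in for a key exchange
    alice, bob = Ratchet(secret), Ratchet(secret)
    ct, tag = seal(alice, b"meet at noon")
    plain, enc, mac = unseal(bob, ct, tag)
    # Forward secrecy: state seized after the message only yields later keys.
    late_enc, _ = Ratchet(bob.chain).step()
    recovered_later = keystream_xor(late_enc, ct)
    # Deniability: Bob holds the same keys as Alice, so a message she never
    # sent verifies exactly like the genuine one when checked by a third party.
    forged_ct = keystream_xor(enc, b"meet at nine")
    forged_plain, _, _ = unseal(Ratchet(secret), forged_ct, prf(mac, forged_ct))
    return {"plain": plain, "recovered_later": recovered_later, "forged": forged_plain}

if __name__ == "__main__":
    print(demo())
```
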