Re: Confidentiality notices on email messages
Marc Petit-Huguenin <petithug@acm.org> Thu, 14 July 2011 16:44 UTC
Return-Path: <petithug@acm.org>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8FF5F21F8D1D for <ietf@ietfa.amsl.com>; Thu, 14 Jul 2011 09:44:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.589
X-Spam-Level:
X-Spam-Status: No, score=-102.589 tagged_above=-999 required=5 tests=[AWL=0.011, BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1DaP37naM788 for <ietf@ietfa.amsl.com>; Thu, 14 Jul 2011 09:44:41 -0700 (PDT)
Received: from implementers.org (implementers.org [IPv6:2604:3400:dc1:41:216:3eff:fe5b:8240]) by ietfa.amsl.com (Postfix) with ESMTP id 8DAF821F8D1E for <ietf@ietf.org>; Thu, 14 Jul 2011 09:44:41 -0700 (PDT)
Received: from [IPv6:2001:55c:4c15:5f80:213:d4ff:fe04:3e08] (unknown [IPv6:2001:55c:4c15:5f80:213:d4ff:fe04:3e08]) by implementers.org (Postfix) with ESMTPS id 066802199E; Thu, 14 Jul 2011 18:43:08 +0200 (CEST)
Message-ID: <4E1F1CF7.4050907@acm.org>
Date: Thu, 14 Jul 2011 09:44:39 -0700
From: Marc Petit-Huguenin <petithug@acm.org>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.18) Gecko/20110626 Iceowl/1.0b2 Icedove/3.1.11
MIME-Version: 1.0
To: Alessandro Vesely <vesely@tana.it>
Subject: Re: Confidentiality notices on email messages
References: <20110714014835.9480.qmail@joyce.lan> <4E1F0B2C.3070401@tana.it>
In-Reply-To: <4E1F0B2C.3070401@tana.it>
X-Enigmail-Version: 1.1.2
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Jul 2011 16:44:46 -0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/14/2011 08:28 AM, Alessandro Vesely wrote: > On 14/Jul/11 03:48, John Levine wrote: >>> Yes, and perhaps disclaimers/confidentiality notices should be >>> standardized with their own MIME type to make automatic processing >>> easier so receivers of this kind of notice (mailing-list or other) >>> can respect the wishes of the sender. >> >> That respect would of course be demonstrated by rejecting or >> discarding the mail unread, to avoid any possibility that it could >> fall into the wrong hands. > > Yes, with the possible exception of recipients deploying a Treacherous > Computing environment that includes checks against forwarding or > replying with non fair use quotations of confidential messages. > >> PS: Perhaps I should propose a revised RFC 5617 adding dkim=confidential. > > One can sign the "Sensitivity" header field defined by RFC 2156. It > can have the values "Personal" / "Private" / "Company-Confidential". > > However, I received some messages bearing a confidentiality notice but > missing this field entirely. Even the TC system above could hardly > cope with such inconsistent settings. 1. If an email received contains a Sensivity header with Confidential, Private or Personal, the email is rejected. 2. Else, with techniques similar to spam filtering, a process can then test if the email may contain a legal notice (perhaps Spamassassin can be configured to do this - I am not a specialist). If such notice is detected, and there is no Sensivity header the email is bounced back with a text similar to this: "We automatically detected that your email may contain a legal notice, but we have no way to be sure that this notice is compliant with our rules, but we cannot take the legal risk to accept it against the wishes of your employer. Please contact your IT department and ask them to add a Sensivity header to the emails sent by your organization, which should be even easier than adding the legal notice." 3. Else, if a notice is detected and there is a Sensivity=public header, then the email is accepted. 4. Else, if no notice is detected, the email is accepted. > Do notices still retain any > legal value in such cases? - -- Marc Petit-Huguenin Personal email: marc@petit-huguenin.org Professional email: petithug@acm.org Blog: http://blog.marc.petit-huguenin.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAk4fHPUACgkQ9RoMZyVa61f1HwCcDCWWIade84CPrOGglYUOS5Jk UPMAn0eETDcMfjPq6do1Jb92eWGud+ls =dlvr -----END PGP SIGNATURE-----
- Re: Confidentiality notices on email messages Marc Petit-Huguenin
- Confidentiality notices on email messages Barry Leiba
- Re: Confidentiality notices on email messages Jorge Contreras
- Re: Confidentiality notices on email messages Barry Leiba
- Re: Confidentiality notices on email messages Randall Gellens
- Re: Confidentiality notices on email messages J.D. Falk
- Re: Confidentiality notices on email messages Hector Santos
- Re: Confidentiality notices on email messages Huub van Helvoort
- Re: Confidentiality notices on email messages John C Klensin
- Re: Confidentiality notices on email messages Michael Richardson
- Re: Confidentiality notices on email messages Andrew Sullivan
- Re: Confidentiality notices on email messages Marc Petit-Huguenin
- Re: Confidentiality notices on email messages Alessandro Vesely
- Re: Confidentiality notices on email messages Marc Petit-Huguenin
- Re: Confidentiality notices on DNS messages Bert
- Re: Confidentiality notices on email messages Dave Cridland
- Re: Confidentiality notices on email messages Marc Petit-Huguenin
- Re: Confidentiality notices on email messages Martin Rex
- Re: Confidentiality notices on email messages John Levine
- Re: Confidentiality notices on email messages John Levine
- RE: Confidentiality notices on email messages Michel Py
- Re: Confidentiality notices on email messages Michael Richardson
- Re: Confidentiality notices on email messages Dave CROCKER
- Re: Confidentiality notices on email messages Michael Richardson
- Re: Confidentiality notices on email messages Will McAfee
- Re: Confidentiality notices on email messages Joel Jaeggli
- Re: Confidentiality notices on email messages Alessandro Vesely
- Re: Confidentiality notices on email messages Will McAfee
- Re: Confidentiality notices on email messages Randall Gellens
- Re: Confidentiality notices on email messages John C Klensin
- Re: Confidentiality notices on email messages Barry Leiba
- RE: Confidentiality notices on email messages Worley, Dale R (Dale)
- Re: Confidentiality notices on email messages Olaf Kolkman
- Re: Confidentiality notices on email messages Alessandro Vesely
- Re: Confidentiality notices on email messages Wes Hardaker
- Re: Confidentiality notices on email messages David Morris
- Re: Confidentiality notices on email messages ned+ietf
- Re: Confidentiality notices on email messages Donald Eastlake
- Re: Confidentiality notices on email messages John Levine
- RE: Confidentiality notices on email messages Murray S. Kucherawy
- Re: Confidentiality notices on email messages Nathaniel Borenstein
- Re: Confidentiality notices on email messages Harald Alvestrand
- Re: Confidentiality notices on email messages Wes Hardaker
- Re: Confidentiality notices on email messages Richard Kulawiec
- Re: Confidentiality notices on email messages ned+ietf
- Re: Confidentiality notices on email messages Nathaniel Borenstein
- Re: Confidentiality notices on email messages Harald Alvestrand