Re: [perpass] draft-josefsson-email-received-privacy

"John R Levine" <johnl@taugh.com> Mon, 26 October 2015 16:51 UTC

Date: Mon, 26 Oct 2015 12:51:25 -0400
Message-ID: <alpine.OSX.2.11.1510261231330.23457@ary.lan>
From: John R Levine <johnl@taugh.com>
To: Simon Josefsson <simon@josefsson.org>
In-Reply-To: <87h9ldsl0c.fsf@latte.josefsson.org>
References: <871tcl3f03.fsf@latte.josefsson.org> <20151024224621.15562.qmail@ary.lan> <0c5701d10f8f$882e4a10$988ade30$@huitema.net> <87pp02rprp.fsf@latte.josefsson.org> <alpine.OSX.2.11.1510261028510.23347@ary.lan> <87h9ldsl0c.fsf@latte.josefsson.org>
User-Agent: Alpine 2.11 (OSX 23 2013-08-11)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format="flowed"; charset="US-ASCII"
Archived-At: <http://mailarchive.ietf.org/arch/msg/perpass/-HFDdXN75TbRPtTvEd60w48hyTg>
Cc: perpass@ietf.org
Subject: Re: [perpass] draft-josefsson-email-received-privacy

>> stolen is a privacy problem, this is not a simple question, and any
>> simple answer is wrong.
>
> Agreed.  I'm merely concerned that if we can't come up with a solution
> to having someone's bank account credentials stolen, we shouldn't stall
> attempting to resolve smaller problems that we can identify, such as a
> privacy violation in the Received header.

I hope you agree with the part where I said that any simple answer is 
wrong.

On my system, most real mail comes from the three gorillas, from ISPs such 
as T-W and Comcast, and from local schools or businesses.  Since we are 
weenies, a certain amount comes through mailing lists.  In every one of 
those cases, the IP address in the received header is the address of the 
server at the mail system, the institution, or the mailing list.  It tells 
you nothing you didn't already know if you looked at the bounce address in 
the SMTP envelope, or the From: or List-ID: in the message body.

The spam mostly comes from compromised servers and botnets, where the IP 
tells you who the legitimate operator is (not the botnet operator) and 
indirectly where to send abuse reports.  Since that mail isn't sent by the 
party legitimately associated with the IP, and the only place the mail 
goes is back to the operator in a spam report, it's hard to see any 
privacy issues there, either.

If you were talking about Received headers added in submission rather than 
SMTP, there are plausible PII issues, but there you will find that as 
often as not the sending MTA already obscures the location of the user, 
particularly when messages are submitted via webmail.  On the other hand, 
for abuse management it's essential that it be there in some form so the 
sending system can figure out which of its users is misbehaving or has 
been compromised.

So I think it is fine to look at the issues and see where we might make 
improvements, but it is a bad idea to rush to naive changes that don't 
address real privacy issues but do cause real problems for operations and 
security.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.
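
The message above distinguishes Received headers added during server-to-server SMTP relay from those added at submission. The following is an added example, not part of the original message, that walks a message's trace headers and flags which hops record an authenticated client. The hostnames and addresses are constructed, and treating an RFC 3848 authenticated "with" keyword as a marker of submission is an assumption of this sketch.

```python
import re
from email import message_from_string

# Constructed sample (documentation addresses; not taken from the archive).
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.25])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    by mx.example.org (Postfix) with ESMTPS id AAAA1
    for <bob@example.org>; Mon, 26 Oct 2015 09:51:27 -0700 (PDT)
Received: from laptop.home.example (unknown [198.51.100.77])
    by mx.example.net (Postfix) with ESMTPSA id BBBB2
    for <bob@example.org>; Mon, 26 Oct 2015 09:51:20 -0700 (PDT)
From: alice@example.net
To: bob@example.org
Subject: constructed sample

body
"""

# RFC 3848 "with" keywords ending in A mean the client used SMTP AUTH.
# Assumption: an authenticated hop is treated here as message submission.
AUTHENTICATED = {"ESMTPA", "ESMTPSA", "LMTPA", "LMTPSA"}
COMMENT = re.compile(r"\([^()]*\)")
CLIENT_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
BY = re.compile(r"\bby\s+(\S+)")
WITH = re.compile(r"\bwith\s+([A-Za-z0-9]+)")

def strip_comments(text):
    """Remove parenthesised comments, innermost first, so nesting is handled."""
    previous = None
    while previous != text:
        previous, text = text, COMMENT.sub(" ", text)
    return text

def classify_hops(raw_message):
    """Return one dict per Received header, newest hop first."""
    hops = []
    for value in message_from_string(raw_message).get_all("Received", []):
        text = " ".join(value.split())          # unfold continuation lines
        bare = strip_comments(text)             # "with cipher" lives in a comment
        ip = CLIENT_IP.search(text.split(" by ", 1)[0])  # from-clause only
        by, proto = BY.search(bare), WITH.search(bare)
        proto = proto.group(1).upper() if proto else None
        hops.append({
            "by": by.group(1) if by else None,
            "client_ip": ip.group(1) if ip else None,
            "with": proto,
            "kind": "submission" if proto in AUTHENTICATED else "relay",
        })
    return hops
```

On the constructed sample, `classify_hops(SAMPLE)` marks only the older hop as submission, which is the one header where an end user's own address appears; the newer hop records just the sending server.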