Re: [perpass] draft-josefsson-email-received-privacy
Brian Trammell <ietf@trammell.ch> Wed, 21 October 2015 06:02 UTC
Return-Path: <ietf@trammell.ch>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D7121B2F61 for <perpass@ietfa.amsl.com>; Tue, 20 Oct 2015 23:02:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.912
X-Spam-Level:
X-Spam-Status: No, score=-1.912 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Yq5DbemhYsMf for <perpass@ietfa.amsl.com>; Tue, 20 Oct 2015 23:02:29 -0700 (PDT)
Received: from trammell.ch (trammell.ch [5.148.172.66]) by ietfa.amsl.com (Postfix) with ESMTP id CA5A01B2F6F for <perpass@ietf.org>; Tue, 20 Oct 2015 23:02:28 -0700 (PDT)
Received: from [10.0.27.109] (dynamic-94-247-222-033.catv.glattnet.ch [94.247.222.33]) by trammell.ch (Postfix) with ESMTPSA id 10EB61A023E; Wed, 21 Oct 2015 08:02:27 +0200 (CEST)
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\))
Content-Type: multipart/signed; boundary="Apple-Mail=_75ADC41B-57CD-497C-823B-E213556E4327"; protocol="application/pgp-signature"; micalg="pgp-sha512"
X-Pgp-Agent: GPGMail 2.5.2
From: Brian Trammell <ietf@trammell.ch>
In-Reply-To: <87r3kpmm25.fsf@nordberg.se>
Date: Wed, 21 Oct 2015 08:02:26 +0200
Message-Id: <CAC0FF22-DC23-4E47-98CD-F94D63819723@trammell.ch>
References: <87r3kpmm25.fsf@nordberg.se>
To: Linus Nordberg <linus@nordberg.se>
X-Mailer: Apple Mail (2.2104)
Archived-At: <http://mailarchive.ietf.org/arch/msg/perpass/35Q6xND-T_ATn_qdKWph9VZhH8Y>
Cc: perpass@ietf.org
Subject: Re: [perpass] draft-josefsson-email-received-privacy
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Oct 2015 06:02:31 -0000
hi Linus, +1 to the chorus of "thanks for writing this up". I can't believe I'm going to pick 2119 nits on a -00, but here goes: "If you care about X, MUST NOT" is a weird construct. MUST is "an absolute prohibition", so putting it next to a conditional isn't quite right. What I think you mean is covered exactly by SHOULD NOT: "there may exist valid reasons in particular circumstances when the particular behavior is acceptable or even useful, but the full implications should be understood and the case carefully weighed before implementing any behavior described with this label." Of course, this sounds weaker than the nice hefty MUST NOT. But unless we want to deprecate the Received header completely and replace it with a less privacy-odious method to achieve operational debugging of SMTP (which i'd be fully in favor of, though I'm not an SMTP geek so I'm not sure what would be involved), this is as good as it gets. What is unconditional, and can be specified as such for implementations, is that operators need a knob. So I'd suggest splitting this out, replacing section 2 in its entirety with: SMTP protocol entities, including transfer agents and submission agents, MUST provide operators with a mechanism to configure whether a Received header will be added to the messages they handle. Operators of these protocol entities SHOULD disable the Received header using this mechanism in order to reduce risks to the privacy of the submitting entity. Thanks again, cheers, Brian > On 20 Oct 2015, at 20:28, Linus Nordberg <linus@nordberg.se> wrote: > > Hi, > > draft-josefsson-email-received-privacy-00 has been submitted, see > https://datatracker.ietf.org/doc/draft-josefsson-email-received-privacy/ > > I'd be interested in hearing what people on the perpass list think of > this. > > _______________________________________________ > perpass mailing list > perpass@ietf.org > https://www.ietf.org/mailman/listinfo/perpass
- [perpass] draft-josefsson-email-received-privacy Linus Nordberg
- Re: [perpass] draft-josefsson-email-received-priv… Christian Huitema
- Re: [perpass] draft-josefsson-email-received-priv… Nick Doty
- Re: [perpass] draft-josefsson-email-received-priv… Brian Trammell
- Re: [perpass] draft-josefsson-email-received-priv… ned+perpass
- Re: [perpass] draft-josefsson-email-received-priv… Stephen Farrell
- Re: [perpass] draft-josefsson-email-received-priv… ned+perpass
- Re: [perpass] draft-josefsson-email-received-priv… Simon Josefsson
- Re: [perpass] draft-josefsson-email-received-priv… Simon Josefsson
- Re: [perpass] draft-josefsson-email-received-priv… Simon Josefsson
- Re: [perpass] draft-josefsson-email-received-priv… Jacob Appelbaum
- Re: [perpass] draft-josefsson-email-received-priv… John Levine
- Re: [perpass] draft-josefsson-email-received-priv… Christian Huitema
- Re: [perpass] draft-josefsson-email-received-priv… John R Levine
- Re: [perpass] draft-josefsson-email-received-priv… Stephen Farrell
- Re: [perpass] draft-josefsson-email-received-priv… Simon Josefsson
- Re: [perpass] draft-josefsson-email-received-priv… John R Levine
- Re: [perpass] draft-josefsson-email-received-priv… Simon Josefsson
- Re: [perpass] draft-josefsson-email-received-priv… John R Levine
- Re: [perpass] draft-josefsson-email-received-priv… ned+perpass
- Re: [perpass] draft-josefsson-email-received-priv… John R Levine
- Re: [perpass] draft-josefsson-email-received-priv… ned+perpass
- Re: [perpass] draft-josefsson-email-received-priv… Linus Nordberg
- Re: [perpass] draft-josefsson-email-received-priv… John R Levine