IETF Logo Mail Archive

Re: [perpass] draft-josefsson-email-received-privacy

Simon Josefsson <simon@josefsson.org> Fri, 23 October 2015 13:17 UTC

Return-Path: <simon@josefsson.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 288D71A004D for <perpass@ietfa.amsl.com>; Fri, 23 Oct 2015 06:17:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.551
X-Spam-Level:
X-Spam-Status: No, score=-1.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_SE=0.35, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uxQ3wEKqBMxy for <perpass@ietfa.amsl.com>; Fri, 23 Oct 2015 06:17:34 -0700 (PDT)
Received: from duva.sjd.se (duva.sjd.se [IPv6:2001:9b0:1:1702::100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2642B1A0040 for <perpass@ietf.org>; Fri, 23 Oct 2015 06:17:33 -0700 (PDT)
Received: from latte.josefsson.org ([155.4.17.2]) (authenticated bits=0) by duva.sjd.se (8.14.4/8.14.4/Debian-4) with ESMTP id t9NDHQFg002290 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT); Fri, 23 Oct 2015 15:17:27 +0200
From: Simon Josefsson <simon@josefsson.org>
To: ned+perpass@mrochek.com
References: <87r3kpmm25.fsf@nordberg.se> <01PS6UMHPA8S01729W@mauve.mrochek.com> <01PS75B6KR1W00HE89@mauve.mrochek.com>
OpenPGP: id=54265E8C; url=http://josefsson.org/54265e8c.txt
X-Hashcash: 1:22:151023:perpass@ietf.org::tGy7sRNOSPdLVNYj:Fxky
X-Hashcash: 1:22:151023:linus@nordberg.se::tICy+TlsmZgXxmq3:IlIo
X-Hashcash: 1:22:151023:ned@mrochek.com::SON/1tA1m2OC0Q5D:eFAC
Date: Fri, 23 Oct 2015 15:17:25 +0200
In-Reply-To: <01PS75B6KR1W00HE89@mauve.mrochek.com> (ned's message of "Thu, 22 Oct 2015 03:47:41 -0700 (PDT)")
Message-ID: <87wpud207u.fsf@latte.josefsson.org>
User-Agent: Gnus/5.130014 (Ma Gnus v0.14) Emacs/24.4 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
X-Virus-Scanned: clamav-milter 0.98.7 at duva.sjd.se
X-Virus-Status: Clean
Archived-At: <http://mailarchive.ietf.org/arch/msg/perpass/3w8G_bEWgyMpFAAMNyUIhCHswNE>
Cc: Linus Nordberg <linus@nordberg.se>, perpass@ietf.org
Subject: Re: [perpass] draft-josefsson-email-received-privacy
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Oct 2015 13:17:35 -0000

ned+perpass@mrochek.com writes:

> Correction to my previous posting: The by clause is also mandatory in
> Received: fields, and contains a domain and optionally an IP address.
> To the extent it represents a privacy exposure, it can be handled in the
> same fashion as the from clause.

Thanks for pointing this out.  We didn't see the BY clause IP/hostname
as serious of a problem, since it is the entity who owns that IP address
who puts the line in there.  If that entity doesn't want its own IP
address in there, it could lie.  The FROM clause contains the IP address
of someone else, who the entity isn't necessarily authorized to store
and forward IP address information about, so it is more problematic.
But I agree that both concerns are relevant and that the document should
allow, and probably encourage, not leaking any of the IP addresses.

/Simon

v2.23.0 | Report a Bug | By Email