Re: [perpass] draft-josefsson-email-received-privacy
Simon Josefsson <simon@josefsson.org> Mon, 26 October 2015 08:35 UTC
Return-Path: <simon@josefsson.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 723BC1B38E1 for <perpass@ietfa.amsl.com>; Mon, 26 Oct 2015 01:35:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.551
X-Spam-Level:
X-Spam-Status: No, score=-1.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_SE=0.35, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T2UH-mnz3CkS for <perpass@ietfa.amsl.com>; Mon, 26 Oct 2015 01:35:35 -0700 (PDT)
Received: from duva.sjd.se (duva.sjd.se [IPv6:2001:9b0:1:1702::100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8826D1B38E0 for <perpass@ietf.org>; Mon, 26 Oct 2015 01:35:35 -0700 (PDT)
Received: from latte.josefsson.org ([155.4.17.2]) (authenticated bits=0) by duva.sjd.se (8.14.4/8.14.4/Debian-4) with ESMTP id t9Q8ZNoP015061 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT); Mon, 26 Oct 2015 09:35:24 +0100
From: Simon Josefsson <simon@josefsson.org>
To: Christian Huitema <huitema@huitema.net>
References: <871tcl3f03.fsf@latte.josefsson.org> <20151024224621.15562.qmail@ary.lan> <0c5701d10f8f$882e4a10$988ade30$@huitema.net>
OpenPGP: id=54265E8C; url=http://josefsson.org/54265e8c.txt
X-Hashcash: 1:22:151026:johnl@taugh.com::Srlxb2NuE/MclTSp:3DQl
X-Hashcash: 1:22:151026:perpass@ietf.org::d9eUJRmLgDMWooAt:9q+C
X-Hashcash: 1:22:151026:huitema@huitema.net::Pyl/KNT90XO/v/3o:MF5C
Date: Mon, 26 Oct 2015 09:35:22 +0100
In-Reply-To: <0c5701d10f8f$882e4a10$988ade30$@huitema.net> (Christian Huitema's message of "Sun, 25 Oct 2015 18:42:09 -0700")
Message-ID: <87pp02rprp.fsf@latte.josefsson.org>
User-Agent: Gnus/5.130014 (Ma Gnus v0.14) Emacs/24.4 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
X-Virus-Scanned: clamav-milter 0.98.7 at duva.sjd.se
X-Virus-Status: Clean
Archived-At: <http://mailarchive.ietf.org/arch/msg/perpass/N7NLHc2KYGlDfNqpZl5wYqFOcSI>
Cc: perpass@ietf.org, 'John Levine' <johnl@taugh.com>
Subject: Re: [perpass] draft-josefsson-email-received-privacy
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Oct 2015 08:35:37 -0000
"Christian Huitema" <huitema@huitema.net> writes: > On Saturday, October 24, 2015 3:46 PM, John Levine wrote: >> ... >> My suggestion would be to start by finding people who have experience >> in large mail systems (Ned would be a good start if he has the time), >> and then state clearly what you're trying to do. It looks like it's >> identifying and minimizing the amount of PII collected, reported (to >> downstream consumers), and logged (for internal users) for incoming >> mail. Once you've done that, it'd be quite interesting to try and see >> what gets collected, and what the tradeoffs are if you don't collect >> it or don't report or log it. > > That sounds like a reasonable plan. Let's start, then. What about having > interested parties meet at a bar in Yokohama, say Monday evening, and start > drafting the first solution? I would be happy to pay the first round of > drinks, if that speeds up consensus... Sounds like a good idea, thanks for suggesting it. I'm hoping Linus will be able to make it since I won't be there. I am concerned about taking on a too wide scope. I think it may be possible to reach closure on improving the Received header wrt privacy. I'm not against taking on the larger problems mentioned above, however I feel that it should not stand in the way of progress of fixing some identified problems of the Received header, and I worry that a wider task may not reach closure. To have a starting point for a problem statement for what I'd like to focus on, the Received header, I would propose: 1) The Problem: SMTP agents add IP addresses and timestamp information about its clients in the Received header, in a way that clients aren't able to influence. 2) Deployment Consideration: Received headers are useful for mail loop detection and debugging by humans, and must continue to serve that purpose as good possible, so as long as it doesn't violate the privacy problem identified in 1). 3) Work-together Consideration: If there are deployment of related ideas already, we want to follow and describe them as long as it solves the problem in 1) and retain the useful properties in 2). 4) Simplicity: Pick the simplest solution that meets the requirements. I'd like to get away from the focus on SMTP submissions, the privacy violation affects all SMTP relaying. Submission may be the most critical part, but there are other situations when you don't want your client's IP address or time of communication to leak. /Simon
- [perpass] draft-josefsson-email-received-privacy Linus Nordberg
- Re: [perpass] draft-josefsson-email-received-priv… Christian Huitema
- Re: [perpass] draft-josefsson-email-received-priv… Nick Doty
- Re: [perpass] draft-josefsson-email-received-priv… Brian Trammell
- Re: [perpass] draft-josefsson-email-received-priv… ned+perpass
- Re: [perpass] draft-josefsson-email-received-priv… Stephen Farrell
- Re: [perpass] draft-josefsson-email-received-priv… ned+perpass
- Re: [perpass] draft-josefsson-email-received-priv… Simon Josefsson
- Re: [perpass] draft-josefsson-email-received-priv… Simon Josefsson
- Re: [perpass] draft-josefsson-email-received-priv… Simon Josefsson
- Re: [perpass] draft-josefsson-email-received-priv… Jacob Appelbaum
- Re: [perpass] draft-josefsson-email-received-priv… John Levine
- Re: [perpass] draft-josefsson-email-received-priv… Christian Huitema
- Re: [perpass] draft-josefsson-email-received-priv… John R Levine
- Re: [perpass] draft-josefsson-email-received-priv… Stephen Farrell
- Re: [perpass] draft-josefsson-email-received-priv… Simon Josefsson
- Re: [perpass] draft-josefsson-email-received-priv… John R Levine
- Re: [perpass] draft-josefsson-email-received-priv… Simon Josefsson
- Re: [perpass] draft-josefsson-email-received-priv… John R Levine
- Re: [perpass] draft-josefsson-email-received-priv… ned+perpass
- Re: [perpass] draft-josefsson-email-received-priv… John R Levine
- Re: [perpass] draft-josefsson-email-received-priv… ned+perpass
- Re: [perpass] draft-josefsson-email-received-priv… Linus Nordberg
- Re: [perpass] draft-josefsson-email-received-priv… John R Levine