Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

Jim Fenton <fenton@bluepopcorn.net> Sun, 29 November 2015 22:53 UTC

To: ietf-smtp@ietf.org, shutup@ietf.org
References: <alpine.OSX.2.11.1511282155180.1479@ary.lan> <565A7234.7010000@alameth.org> <Eoqbyz/axxwfm7I0m8X7QOm53qcBtCJIuS/eiVFyCig=.sha-256@antelope.email> <072F93223CD351A88ECCDB69@JcK-HP5.jck.com> <etPan.565b31fa.335268bd.11ea@dhcp-whq-twvpn-1-vpnpool-10-159-139-85.vpn.oracle.com>
From: Jim Fenton <fenton@bluepopcorn.net>
Message-ID: <565B81F4.8090401@bluepopcorn.net>
Date: Sun, 29 Nov 2015 14:53:40 -0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
In-Reply-To: <etPan.565b31fa.335268bd.11ea@dhcp-whq-twvpn-1-vpnpool-10-159-139-85.vpn.oracle.com>
Content-Type: multipart/alternative; boundary="------------070004060306030506090107"
Archived-At: <http://mailarchive.ietf.org/arch/msg/shutup/0dP0vPczq2AFpiysnuDs76laT28>
Subject: Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)
Precedence: list

On 11/29/2015 09:12 AM, Chris Newman wrote:
> I oppose the current shutup charter text
> and draft-josefsson-email-received-privacy as both promote the
> elimination of mechanisms that protect users from fraud and abuse.

Agreed, and to be more specific:

The proposed charter speaks of Received header fields leaking address
information that can expose user location. Yes, they can. But, in
general, that information is essential to identifying spoofed header
fields: it's by tracing the chain of "from" addresses in Received header
fields that one can determine that someone is attempting to do something
fraudulent. Further, I don't have a lot of sympathy for organizations
that rely on the secrecy of their network topologies as an essential
security component. We're trying to increase the trust in email, not
reduce it.

There are users for whom their privacy is critically important, such as
press informants in totalitarian societies. There are many other ways to
determine their location (network monitoring coupled with a STARTTLS
downgrade attack, for one), and it would be harmful (potentially
life-threatening) if anyone thought that this would truly protect them.
They should be using something like SecureDrop and not using email at all.

draft-josefsson-email-received-privacy mentions the issue of senders'
locations appearing on mailing lists and in mailing list archives. I
have long felt that we are conflicted on whether the output of a mailing
list is a new message or the same as the one sent to the mailing list.
It usually has a different MAIL FROM address, and often has text added
to the message body, which I would think is enough of a change to make
it a new message. Yet the Message-ID and Received header fields are
preserved. I would think that an entire new message should be created,a
new Message-ID assigned, and DKIM signed by the mailing list's domain
(of course!). Only selected header fields would be transferred to the
new message. The original incoming header fields should be available
only to the list administrators, who deal with abuse issues.

What would the motivation be for anyone to implement any header privacy
improvements? There is far too much deployed infrastructure to get a
change to be made, absent a very strong business case. We could spend a
lot of time on this and not have it matter a bit.

I would support some work on the mailing list issue resulting in a set
of recommended practices, and possibly guidance on obscuring the source
IP address when an authenticated submission is made to an MSA. But
that's it.

-Jim

Re: [Shutup] Proposed Charter for something Ted Lemon
[Shutup] Proposed Charter for the "SMTP Headers U… Alexey Melnikov
Re: [Shutup] Proposed Charter for the "SMTP Heade… John R Levine
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Dave Crocker
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Alexey Melnikov
Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Stephen Farrell
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Jim Fenton
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Christian Huitema
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ned Freed
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Rolf E. Sonneveld
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Newman
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Steve Atkins
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Richard Clayton
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ned Freed
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ned Freed
Re: [Shutup] chained authorizationm, was Proposed… John Levine
Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
Re: [Shutup] chained authorizationm, was Proposed… Dave Crocker
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Al Iverson
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Steve Atkins
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Randall Gellens
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Martijn Grooten
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ned Freed
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Dave Crocker
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Tony Finch
Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Dave Crocker
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Kurt Andersen (b)
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Martijn Grooten
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Christian Huitema
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Stephen Farrell
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Stephen Farrell
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Hector Santos
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Martijn Grooten
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Stephen Farrell
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
Re: [Shutup] [ietf-smtp] real life privacy tradeo… John Levine
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Dave Crocker
Re: [Shutup] [ietf-smtp] real life privacy tradeo… Ted Lemon
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Dave Crocker
Re: [Shutup] [ietf-smtp] real life privacy tradeo… John Levine
Re: [Shutup] [ietf-smtp] real life privacy tradeo… Ted Lemon
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Derek J. Balling
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Stephen Farrell
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Dave Crocker
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Derek J. Balling
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Simon Josefsson
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Dave Crocker
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Derek J. Balling
Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Richard Clayton
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Christian Huitema
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Dave Crocker
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Steve Atkins
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Al Iverson
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Kurt Andersen
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Robert A. Rosenberg
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Al Iverson
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Dave Crocker
Re: [Shutup] [ietf-smtp] real life privacy tradeo… Derek J. Balling
Re: [Shutup] [ietf-smtp] Proposed Charter for the… MH Michael Hammer (5304)
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
Re: [Shutup] [ietf-smtp] real life privacy tradeo… Christian Huitema
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Robert A. Rosenberg
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Robert A. Rosenberg
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Dave Crocker
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
Re: [Shutup] [ietf-smtp] Proposed Charter for the… Hector Santos
[Shutup] Proposed Charter for the "SMTP Headers U… SM
Re: [Shutup] Proposed Charter for the "SMTP Heade… Chris Lewis
Re: [Shutup] Proposed Charter for the "SMTP Heade… Chris Lewis
Re: [Shutup] Proposed Charter for the "SMTP Heade… Ned Freed
Re: [Shutup] Proposed Charter for the "SMTP Heade… SM
Re: [Shutup] Proposed Charter for the "SMTP Heade… Chris Lewis
Re: [Shutup] Proposed Charter for the "SMTP Heade… Christian Huitema
Re: [Shutup] Proposed Charter for the "SMTP Heade… Chris Lewis
Re: [Shutup] Proposed Charter for the "SMTP Heade… SM
Re: [Shutup] Proposed Charter for the "SMTP Heade… Martijn Grooten
Re: [Shutup] Proposed Charter for the "SMTP Heade… Chris Lewis
Re: [Shutup] Proposed Charter for something John Levine
Re: [Shutup] Proposed Charter for the "SMTP Heade… Robert A. Rosenberg
Re: [Shutup] Proposed Charter for something Dave Crocker
Re: [Shutup] Proposed Charter for something Martijn Grooten
Re: [Shutup] [ietf-smtp] Proposed Charter for som… John C Klensin
Re: [Shutup] Proposed Charter for something Stephen Farrell
Re: [Shutup] Proposed Charter for the "SMTP Heade… Ned Freed
Re: [Shutup] Proposed Charter for the "SMTP Heade… Stephen Farrell
Re: [Shutup] Proposed Charter for the "SMTP Heade… Christian Huitema
Re: [Shutup] [ietf-smtp] Proposed Charter for som… Chris Lewis
Re: [Shutup] Proposed Charter for something Hector Santos