Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

Ted Lemon <mellon@fugue.com> Mon, 30 November 2015 02:18 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: shutup@ietfa.amsl.com
Delivered-To: shutup@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E7B341A1B98 for <shutup@ietfa.amsl.com>; Sun, 29 Nov 2015 18:18:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.487
X-Spam-Level:
X-Spam-Status: No, score=-2.487 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.585, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bCoxWiNsVHId for <shutup@ietfa.amsl.com>; Sun, 29 Nov 2015 18:18:09 -0800 (PST)
Received: from fugue.com (mail-2.fugue.com [IPv6:2a01:7e01::f03c:91ff:fee4:ad68]) by ietfa.amsl.com (Postfix) with ESMTP id 4775A1A1B86 for <shutup@ietf.org>; Sun, 29 Nov 2015 18:18:08 -0800 (PST)
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="----sinikael-?=_1-14488498833040.29079446429386735"
From: Ted Lemon <mellon@fugue.com>
To: shutup@ietf.org
In-Reply-To: <20151129181346.9221.qmail@ary.lan>
References: <20151129181346.9221.qmail@ary.lan>
Date: Mon, 30 Nov 2015 02:18:03 +0000
Message-Id: <1448849884345-6302c7ad-3551840c-2a0b598f@fugue.com>
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/shutup/1K8udHW1bO9RCR2KgOzstSvOOn0>
Subject: Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)
X-BeenThere: shutup@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: SMTP Headers Unhealthy To User Privacy <shutup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/shutup>, <mailto:shutup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/shutup/>
List-Post: <mailto:shutup@ietf.org>
List-Help: <mailto:shutup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/shutup>, <mailto:shutup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Nov 2015 02:18:11 -0000

Sunday, Nov 29, 2015 1:13 PM John Levine wrote:
> It's not even privacy vs. ops support, it's privacy issues via some
> hints of sender's location vs. privacy issues via the recipient
> getting spammed, phished, and malware'd.

The only Received: header fields that you can trust are the ones that were added by servers in your administrative domain. Anything else, you have to trace back through the logs hop by hop to actually know that the mail transited those systems; otherwise, an attacker can fake up whatever Received: header fields they want in order to cast blame on whomever they want to harm. That being the case, all the Received: header field needs to contain is a token that can be used to backtrace the message to its origin using the logs: anything else is superfluous. So postcarding all kinds of private information about the end user is not only not actually useful for the reason you suggest, it is actively harmful to the end user.

> You are completely correct that there's been no discussion at all of
> the tradeoffs.  After all, the vast majority of mail these days is
> malicious, and the largest mail provider in the world already redacts
> most senders' location info.

The conclusion I would draw here is that we ought to advise all the other providers to do this as well. IOW, this argument supports the proposed work, rather than showing that it is unnecessary or harmful.


--
Sent from Whiteout Mail - https://whiteout.io

My PGP key: https://keys.whiteout.io/mellon@fugue.com
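
The trust rule described in the message above, as an added example that is not part of the original message or the list archive: it walks the Received: fields newest first, keeps only the hops written by hosts in your own administrative domain, and stops at the hop where mail entered from outside, so a lower field that merely claims one of your host names is still treated as unverified. The host names in `OWN_HOSTS`, the queue ids and the sample message are constructed assumptions.

```python
import re
from email import message_from_string

# Assumption: the MTAs in our own administrative domain (hypothetical names).
OWN_HOSTS = {"mx1.example.net", "mail.example.net"}

# Constructed sample. The third field claims "by mx1.example.net" but sits
# below the hop where mail entered from outside, so the sender supplied it.
RAW = """\
Received: from mx1.example.net (mx1.example.net [192.0.2.10])
\tby mail.example.net (Postfix) with ESMTP id AAA111; Mon, 30 Nov 2015 02:18:10 +0000
Received: from relay.sender.example (relay.sender.example [198.51.100.7])
\tby mx1.example.net (Postfix) with ESMTP id BBB222; Mon, 30 Nov 2015 02:18:08 +0000
Received: from blamed.example (blamed.example [203.0.113.5])
\tby mx1.example.net (Postfix) with ESMTP id CCC333; Mon, 30 Nov 2015 02:17:59 +0000
Received: from laptop.blamed.example by blamed.example; Mon, 30 Nov 2015 02:17:50 +0000
From: someone@sender.example
Subject: constructed sample

body
"""

FROM_RE = re.compile(r"^\s*from\s+([^\s;]+)", re.I)
BY_RE = re.compile(r"\bby\s+([^\s;]+)", re.I)
ID_RE = re.compile(r"\bid\s+([^\s;]+)", re.I)

def _field(rx, value, lower=True):
    m = rx.search(value)
    return None if not m else (m.group(1).lower() if lower else m.group(1))

def split_received(raw, own_hosts=OWN_HOSTS):
    """Return (trusted, untrusted) hops, newest first.

    A hop is trusted only while every hop above it was written by one of
    our hosts AND handed over by one of our hosts. The first hop whose
    "from" is external (or missing) is the last trusted one; its id is the
    token to look up in our own logs.
    """
    trusted, untrusted, inside = [], [], True
    for value in message_from_string(raw).get_all("Received", []):
        hop = {"from": _field(FROM_RE, value), "by": _field(BY_RE, value),
               "id": _field(ID_RE, value, lower=False)}
        if inside and hop["by"] in own_hosts:
            trusted.append(hop)
            inside = hop["from"] in own_hosts  # external "from" = boundary
        else:
            inside = False
            untrusted.append(hop)
    return trusted, untrusted
```

The last trusted hop's `from` value and `id` are what you would take to the next operator's logs; the `untrusted` list is display-only until that hop-by-hop check confirms it.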