Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

Richard Clayton <richard@highwayman.com> Wed, 02 December 2015 18:23 UTC

Message-ID: <s0K4btEabzXWFA88@highwayman.com>
Date: Wed, 2 Dec 2015 18:22:18 +0000
To: ietf-smtp@ietf.org
From: Richard Clayton <richard@highwayman.com>
In-Reply-To: <565F2B73.3000407@megacity.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/shutup/8PziqiedQRVdWF58pH0cM6YNgAc>
Cc: shutup@ietf.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In message <565F2B73.3000407@megacity.org>, Derek J. Balling
<dredd@megacity.org> writes

>"Is there clear indication that 'the community' wants to do this". OK,
>how do we determine that?
>"by virtue of there being folk who want to spend time on wg development"?
>It seems to be the case that such people exist, or we wouldn't be having
>this discussion. "(and) they or other folk making noises about interest
>in implementing and developing it" It seems like this whole discussion
>is that of "them and other folks" making noises about implementing and
>developing it.

I'm unclear how many implementors and developers have chimed in so far.
The people whose names I have recognised have pretty much all been anti-
spam experts (working or consulting for large providers).

A concern would be that some of the enthusiasm for the process is that
people may be planning to use the existence of an RFC as a stick with which to
beat into submission the implementors and the developers ("but you have
to do this, the IETF said so"). Now that may be the right way to
proceed, but I'm not entirely sure if the implementors and developers
would entirely concur.

Of course a sophisticated understanding of the different types of RFC
(and the precise meaning of SHOULD) makes this a non-issue, but that
understanding is thinly spread.

>> If there is no obvious problem with doing work in this space, then
>> yeah waiting until it's done to look for specific problems makes
>> sense. But that's not applicable for the current type of work, as
>> dangers of the /category/ of work have already been cited. d/ 
>As the proponents of the WG have noted, the "big four" webmail providers
>are already to some extent doing things similar to what the
>WG-proponents are considering, 

I'm not quite sure what is being considered, so I would disagree for
that reason alone.

>and the Internet hasn't collapsed in pain
>from their so doing. 

I know many in Law Enforcement who are extremely pained that what used
to be a trivial exercise in processing header field data from MAGY to
assess whether an investigation will be easy is no longer practical.

This has put a big delay in the way of determining how best to pursue an
email related lead (or indeed to decide whether or not a case is
tractable at all).

That may not pain you, but I assure you it pains the victims, and no I'm
not going to spend the rest of the day providing references as to the
accuracy of that claim. But reading this might give some clues:

<https://www.lightbluetouchpaper.org/2015/11/20/the-emotional-cost-of-cybercrime/>

Of course the triage that I describe would be in most cases satisfied by
a "blob" that gave AS number and a user identifier (allowing a view to
be taken regarding jurisdiction and number of incidents that would be
linked).

In fact a user identifier would work better than IP addresses which can
vary considerably and in the case of mobile are pretty much useless as
identifiers of people. But any work schedule needs to make clear if the
aim is to hide identity or location or both -- there's separate trade-
offs for each.

- -- 
richard                                                   Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary 
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBVl822uINNVchEYfiEQKtiwCfc3a6uo22E+63YeNmHOHE62jhROUAnAl/
okbW+O+pLQIPpNYd08b6R/FD
=tXBF
-----END PGP SIGNATURE-----