Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

Randall Gellens <rg+ietf@randy.pensive.org> Mon, 30 November 2015 17:29 UTC

Date: Mon, 30 Nov 2015 09:29:10 -0800
To: ietf-smtp@ietf.org, shutup@ietf.org
From: Randall Gellens <rg+ietf@randy.pensive.org>

At 2:53 PM -0800 11/29/15, Jim Fenton wrote:

>  On 11/29/2015 09:12 AM, Chris Newman wrote:
>
>>  I oppose the current shutup charter text and 
>> draft-josefsson-email-received-privacy as both promote the 
>> elimination of mechanisms that protect users from fraud and abuse.
>>
>
>  Agreed,

Also agree.

>   and to be more specific:
>
>  The proposed charter speaks of Received header fields leaking 
> address information that can expose user location. Yes, they can. 
> But, in general, that information is essential to identifying 
> spoofed header fields: it's by tracing the chain of "from" 
> addresses in Received header fields that one can determine that 
> someone is attempting to do something fraudulent.

Very true.  It seems to me that every few years, proposals are made 
to effectively destroy 'Received' header fields without understanding 
how and why they are so useful.

>   Further, I don't have a lot of sympathy for organizations that 
> rely on the secrecy of their network topologies as an essential 
> security component. We're trying to increase the trust in email, 
> not reduce it.

Agree.  This is security through obscurity, and generally promoted by 
people who can't explain how it really helps.

>
>  draft-josefsson-email-received-privacy mentions the issue of 
> senders' locations appearing on mailing lists and in mailing list 
> archives. I have long felt that we are conflicted on whether the 
> output of a mailing list is a new message or the same as the one 
> sent to the mailing list. It usually has a different MAIL FROM 
> address, and often has text added to the message body, which I 
> would think is enough of a change to make it a new message. Yet the 
> Message-ID and Received header fields are preserved. I would think 
> that an entire new message should be created, a new Message-ID 
> assigned, and DKIM signed by the mailing list's domain (of 
> course!). Only selected header fields would be transferred to the 
> new message. The original incoming header fields should be 
> available only to the list administrators, who deal with abuse 
> issues.

This assumes that each mailing list has the best possible spam 
filtering and does the best possible job detecting forged header 
fields.  Since that isn't the case, we need to permit each mailing 
list subscriber to see how a message was sent to the list.

-- 
Randall Gellens
Opinions are personal;    facts are suspect;    I speak for myself only
-------------- Randomly selected tag: ---------------
When I was younger, I could remember anything, whether it had
happened or not.                                --Mark Twain
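
Added example, not part of the original message: a sketch of the Received-chain tracing discussed in the thread. It walks the headers from newest to oldest and finds the point where the chain leaves relays the reader trusts; the client IP recorded there is the verified handoff, and every older Received line is only a claim made by that client. The sample message, host names, addresses and the trusted network are constructed, and the parser assumes Postfix-style `from HELO (rdns [ip]) by host` lines.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: the two newest hops were written by real relays,
# the oldest one was supplied by the submitting client and cannot be verified.
SAMPLE = """\
Received: from mx.list.example (mx.list.example [192.0.2.10])
\tby mail.rcpt.example with ESMTP id A1; Mon, 30 Nov 2015 09:29:17 -0800
Received: from bank.example (unknown [203.0.113.77])
\tby mx.list.example with ESMTP id B2; Mon, 30 Nov 2015 09:29:15 -0800
Received: from [10.0.0.5] (internal.bank.example [198.51.100.4])
\tby smtp.bank.example with ESMTP id C3; Mon, 30 Nov 2015 09:29:10 -0800
From: Support <support@bank.example>
Subject: constructed sample

body
"""

HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[]*)\s*"
                 r"\[(?P<ip>[^\]]+)\]\)\s+by\s+(?P<by>\S+)")

def parse_hops(raw):
    """Return one dict per Received header, newest first (None if unparsed)."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        hops.append(m.groupdict() if m else None)
    return hops

def trust_boundary(raw, trusted_nets):
    """Return (boundary_hop, claimed_hops).

    A hop is written by the host that accepted the connection, so the next
    older header is believable only if this hop's client IP is a relay we
    trust. The first hop with an untrusted client IP is the boundary.
    """
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    hops = parse_hops(raw)
    for i, hop in enumerate(hops):
        if hop is None:
            return None, hops[i:]          # cannot reason past an unparsed hop
        ip = ipaddress.ip_address(hop["ip"].replace("IPv6:", ""))
        if not any(ip.version == n.version and ip in n for n in nets):
            return hop, hops[i + 1:]       # everything older is sender-supplied
    return None, []                        # whole chain stayed inside trusted relays

def helo_confirmed(hop):
    """True when the HELO name matches the reverse name the relay recorded."""
    return bool(hop["rdns"]) and hop["rdns"].lower() == hop["helo"].lower()
```

With `trusted_nets=["192.0.2.0/24"]` the boundary is the hop from 203.0.113.77, whose HELO of `bank.example` has no reverse-DNS confirmation, and the `smtp.bank.example` line below it is unverified.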