Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

Hector Santos <hsantos@isdg.net> Tue, 01 December 2015 23:37 UTC

Return-Path: <hsantos@isdg.net>
X-Original-To: shutup@ietfa.amsl.com
Delivered-To: shutup@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3180C1B2A79 for <shutup@ietfa.amsl.com>; Tue, 1 Dec 2015 15:37:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.137
X-Spam-Level:
X-Spam-Status: No, score=-101.137 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NfDlRPdjOooP for <shutup@ietfa.amsl.com>; Tue, 1 Dec 2015 15:37:45 -0800 (PST)
Received: from ntbbs.santronics.com (ftp.catinthebox.net [208.247.131.9]) by ietfa.amsl.com (Postfix) with ESMTP id 1EFC51B2A78 for <shutup@ietf.org>; Tue, 1 Dec 2015 15:37:44 -0800 (PST)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; c=simple/relaxed; l=1970; t=1449013056; atps=ietf.org; atpsh=sha1; h=Received:Received:Received:Received:Message-ID:Date:From: Organization:To:Subject:List-ID; bh=jQlrRF5BSvT74hYTqX3/KsGh4qE=; b=mJO6/xzxvpOXxqVBOr8BK7k/F4/fXlufxxizY4ZDwNX+9kEGYGzlm4HnndSDcx BXCWRXNJJbqqgpdT3ZLO8zh6tC7GVZlwDqQ4am3av0NSuOIcD14Exn0fZBjK+UGa X24euNRLIZl+327bfRxEQvG5VIiJgn+PDbr59ylJ1olvQ=
Received: by winserver.com (Wildcat! SMTP Router v7.0.454.4) for shutup@ietf.org; Tue, 01 Dec 2015 18:37:36 -0500
Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com; adsp=pass policy=all author.d=isdg.net asl.d=beta.winserver.com; dmarc=pass policy=none author.d=isdg.net signer.d=beta.winserver.com (atps signer);
Received: from beta.winserver.com (hector.wildcatblog.com [208.247.131.23]) by winserver.com (Wildcat! SMTP v7.0.454.4) with ESMTP id 901252581.19165.4024; Tue, 01 Dec 2015 18:37:35 -0500
DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=1970; t=1449012948; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=tB3rgp2 kxsHEqqsRWpzk667jn59z2jsHJrEtSu1XoJ0=; b=Gp8+mx2YRCxY2drTBloyN57 MOS8yymtcuk+ZPcSHvrUXAoJOqvC9kmyOFwKKsKOSF6CNuH/7+bPEatGrrd5LiL6 GbGkpI1Hma4UQi5kwQkCZN4QaPm2XA6CdtrLulT29qzA4g7zu6ulKTS3DxEUvqKW A/RukFGCoG1F3dVDvCfg=
Received: by beta.winserver.com (Wildcat! SMTP Router v7.0.454.4) for shutup@ietf.org; Tue, 01 Dec 2015 18:35:48 -0500
Received: from [192.168.1.2] ([99.121.4.202]) by beta.winserver.com (Wildcat! SMTP v7.0.454.4) with ESMTP id 4135081414.9.91180; Tue, 01 Dec 2015 18:35:47 -0500
Message-ID: <565E2F38.8060408@isdg.net>
Date: Tue, 01 Dec 2015 18:37:28 -0500
From: Hector Santos <hsantos@isdg.net>
Organization: Santronics Software, Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1
MIME-Version: 1.0
To: Christian Huitema <huitema@huitema.net>, 'Martijn Grooten' <martijn@lapsedordinary.net>, ietf-smtp@ietf.org
References: <20151130042819.10658.qmail@ary.lan> <1448858775386-ceecd236-8b11ac04-a03b4438@fugue.com> <glJrvFDUtDXWFA87@highwayman.com> <1448923888960-cb7e590f-f443f8dd-7ec594e1@fugue.com> <565CD58D.9080403@dcrocker.net> <1448924778159-4b16d8e4-631c41b1-52b0fbf2@fugue.com> <605ee74e-863d-47cb-9089-fb83e13e4e38@gulbrandsen.priv.no> <565D9CFC.6070102@pscs.co.uk> <1448988713596-9f0a5014-48bb3a2c-8e1bc938@fugue.com> <565DE53F.2080904@mustelids.ca> <20151201192353.GA23999@lapsedordinary.net> <07bf01d12c71$9b88b790$d29a26b0$@huitema.net>
In-Reply-To: <07bf01d12c71$9b88b790$d29a26b0$@huitema.net>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/shutup/JSQai5b4M9l9AyF8hwP9xb88XUk>
Cc: shutup@ietf.org
Subject: Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)
X-BeenThere: shutup@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: SMTP Headers Unhealthy To User Privacy <shutup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/shutup>, <mailto:shutup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/shutup/>
List-Post: <mailto:shutup@ietf.org>
List-Help: <mailto:shutup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/shutup>, <mailto:shutup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Dec 2015 23:37:47 -0000

On 12/1/2015 2:50 PM, Christian Huitema wrote:
>
> I am also concerned with automated mass surveillance, including traffic
> analysis. The basic traffic analysis produces "5-tupple" logs. Since a lot
> of the Internet usage is now mobile, there is no direct mapping between IP
> addresses and user identities. To move from traffic analysis to
> surveillance, the analyzers need to restore that mapping. There are multiple
> ways to do that, as explained in RFC 7624, and email headers are one of
> them.
>
> Clearly, there are also other sources of correlation between IP address and
> identity. Various IETF working groups are busy closing these other sources
> as well: MAC Address randomization to suppress direct mapping of identities
> to roaming devices; DHCP anonymity profile to remove the leakage of metadata
> in DNS packets; or, HTTPS to prevent observation of HTTP cookies. To break
> the correlation between IP address and identity, we need to also close the
> leakage in the SMTP traces.
>
> Everybody understands that there is a tension there between privacy and
> fighting spam. I get the use case of the virus-infected home PC that
> originates spam through the permissive SMTP relay of some local ISP. But
> then many mail providers feel the need to provide privacy to their users,
> which drives them to deploy their own formatting of the "received" field. We
> do have a tension there, and that tension is precisely why we want to study
> the alternatives and come up with a proposed recommendation. Hence the WG
> charter.

I'm all for "generalized" product enhancement features.

So you are proposing for SMTP developers to consider adding SMTP 
Receiver options such as:

   [X] Add "Received:" Header
       [_] Mask User IP address

Should this be at the USER or SYSTEM level? Both?   Effectively, we 
would be changing RFC5321 from a MUST to a SHOULD|MAY where a required 
protocol feature becomes optional.

-- 
HLS