Re: [Shutup] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG

Chris Lewis <ietf@mustelids.ca> Sun, 06 December 2015 08:26 UTC

On 12/06/2015 02:48 AM, SM wrote:
> Hello,
> At 22:34 05-12-2015, Chris Lewis wrote:
>> Privacy is only about state surveillance?  That seems to be a, um,
>> remarkably narrow definition, and completely ignores the privacy
>> issues that people usually get harmed by.  Furthermore, state
>> surveillance doesn't need to scrape headers, they just get the
>> providers to reveal the contents of their logs, which no amount of
>> header obfuscation can hide.
>
> It is indeed a narrow definition.  I am limiting my discussion of the
> proposed charter to what has previously been discussed on the perpass
> mailing list [1] and on this mailing list.  It is up to the participant
> working for a provider which was asked to reveal the contents of its logs
> to argue for including that aspect in the proposed charter if the
> participant wishes to do so.
>
>> The NSA didn't get their 5 years worth of universal phone penlogs from
>> tapping wires, they did it with taps right into the provider's
>> equipment.  No amount of on-the-wire fussing would have done a thing.
>
> That is not mentioned in RFC 7258.

I don't see how that matters.

Also, as others have remarked, legal/regulatory log access is 
out-of-scope for the IETF (a legal/regulatory issue not a technical 
one), so how could RFC7258 mention it?  Out of scope is out of scope, 
whether the provider wants to include it or not.

I'll also note that the second page of RFC7258 specifically states:

"The motivation for PM can range from non-targeted nation-state
surveillance, to legal but privacy-unfriendly purposes by commercial
enterprises, to illegal actions by criminals."

IOW: if this is about pervasive monitoring (perpass), you can't leave 
out 2/3rds of the actors (and far more than 2/3rds of the demonstrated 
risk) and expect to have any useful validity.

By limiting us to the actors who don't care about headers, knowing you
can't include log access whether you want to or not, this WG is
completely without a purpose.  Or was that your point? ;-)