Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

Ted Lemon <mellon@fugue.com> Tue, 01 December 2015 17:58 UTC


Tuesday, Dec 1, 2015 12:40 PM John Levine wrote:
> Of course there is such an RFC.  RFC 6409 refers to RFC 5321 which
> describes the content of the Received header in section 4.4.  It
> includes the IP address from which the message was received.

That's the latest version of the SMTP submit spec, not a document about Received: header field privacy.

> If, perhaps, you are wondering if there should be an RFC that updates
> that advice to say to do something else, that's totally unresolved,
> since nobody yet has made a plausible argument of what to change and
> why there would be an overall benefit from doing so.

The benefit is pretty obvious. If my IP address and identity information appear in a Received: header field, then I can't send mail to a public mailing list without revealing to the world geolocation information that could be used for doxxing/swatting me, or for various other nefarious activities, and I can't send email to an individual unless I am willing to reveal that information to that individual. And I can't send email through any server operated by anyone to whom I do not wish to reveal that information.

These may not feel like important issues to you, but for some people they are life-or-death issues, and there really is a tradeoff to be made between the freedom of people in that situation to speak, and the freedom of the operators of mail servers to surveil them, even when that surveillance has a good motive behind it. The problem is that it's not _just_ the people who need the information who get it.

> Until we look at the actual costs and benefits, it's grossly premature
> to propose any changes.

Right, that's why I keep asking questions. It's easy to read a series of questions as leading to a conclusion, and of course there is a conclusion that seems to be indicated here, but if I didn't care about your opinion and knowledge on this topic, I wouldn't be asking you questions.


--
Sent from Whiteout Mail - https://whiteout.io

My PGP key: https://keys.whiteout.io/mellon@fugue.com
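
Added example, not part of the message above or of any list participant's code: a check a sender or mail operator could run on their own outbound mail to see whether the submission hop's Received: field records the author's client address, the exposure discussed in this thread. The sample message, host names and function names are constructed; it assumes Postfix-style Received: layout and that authenticated submission is marked `with ESMTPA` or `with ESMTPSA` (RFC 3848).

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample (not from the archive); documentation-range addresses.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby list.example.org (Postfix) with ESMTP id AAAA1;
\tTue, 1 Dec 2015 09:58:07 -0800 (PST)
Received: from laptop.home (unknown [203.0.113.45])
\tby submit.example.net (Postfix) with ESMTPSA id BBBB2;
\tTue, 1 Dec 2015 09:58:04 -0800 (PST)
From: Author <author@example.net>
Subject: constructed test

body
"""

# Ranges that do not identify a host on the public Internet.
NON_IDENTIFYING = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "::1/128", "fc00::/7", "fe80::/10")]
ADDR = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")  # [1.2.3.4] or [IPv6:...]

def received_hops(raw):
    """Parse Received fields, oldest hop first (fields are prepended in transit)."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        text = " ".join(value.split())            # unfold continuation lines
        from_part, _, rest = text.partition(" by ")
        m, proto = ADDR.search(from_part), re.search(r"\bwith (\w+)", rest)
        try:
            ip = ipaddress.ip_address(m.group(1)) if m else None
        except ValueError:
            ip = None
        hops.append({"ip": ip, "by": rest.split()[0] if rest else None,
                     "with": proto.group(1).upper() if proto else None})
    return hops

def exposed_client_ips(raw):
    """Addresses recorded at authenticated-submission hops, outside NON_IDENTIFYING."""
    return [str(h["ip"]) for h in received_hops(raw)
            if h["with"] in ("ESMTPA", "ESMTPSA") and h["ip"] is not None
            and not any(h["ip"] in net for net in NON_IDENTIFYING)]

if __name__ == "__main__":
    print(exposed_client_ips(SAMPLE))
```

The server-to-server hop is deliberately not reported: its address identifies a relay, not the author.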