Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

Alexey Melnikov <alexey.melnikov@isode.com> Sun, 29 November 2015 18:33 UTC

Return-Path: <alexey.melnikov@isode.com>
X-Original-To: shutup@ietfa.amsl.com
Delivered-To: shutup@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0DA261B3152; Sun, 29 Nov 2015 10:33:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.584
X-Spam-Level:
X-Spam-Status: No, score=-2.584 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RP_MATCHES_RCVD=-0.585, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id md49FjnrIqqr; Sun, 29 Nov 2015 10:33:01 -0800 (PST)
Received: from statler.isode.com (Statler.isode.com [62.232.206.189]) by ietfa.amsl.com (Postfix) with ESMTP id 9126A1B314F; Sun, 29 Nov 2015 10:33:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1448821980; d=isode.com; s=selector; i=@isode.com; bh=+IrniIDXvCr7hmPcq1Z0p/RX+OEXOcdDdG/ljaLBORo=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=N0fniHtPbnPS12uDesBYVwDeSMtweSpDoMy82w2Vwvk9tsJ8soh8/+wWtvLBdvljQrtAlJ rALvd++N2OpAY+jVd5UqouxVFPG8y7276HYruGHjCVGsoW/OqYh+dgnryJlhvVqNe/pDS7 EndhewO2vSXpl/f5q+UPcUnl5kI6kE4=;
Received: from [192.168.0.6] (cpc5-nmal20-2-0-cust24.19-2.cable.virginm.net [92.234.84.25]) by statler.isode.com (submission channel) via TCP with ESMTPSA id <VltE3AAlTh7P@statler.isode.com>; Sun, 29 Nov 2015 18:33:00 +0000
X-SMTP-Protocol-Errors: PIPELINING
From: Alexey Melnikov <alexey.melnikov@isode.com>
X-Mailer: iPad Mail (13B143)
In-Reply-To: <etPan.565b31fa.335268bd.11ea@dhcp-whq-twvpn-1-vpnpool-10-159-139-85.vpn.oracle.com>
Date: Sun, 29 Nov 2015 18:34:46 +0000
Message-Id: <5A108ED8-1EDB-42CD-85A5-9BC536D6419D@isode.com>
References: <alpine.OSX.2.11.1511282155180.1479@ary.lan> <565A7234.7010000@alameth.org> <Eoqbyz/axxwfm7I0m8X7QOm53qcBtCJIuS/eiVFyCig=.sha-256@antelope.email> <072F93223CD351A88ECCDB69@JcK-HP5.jck.com> <etPan.565b31fa.335268bd.11ea@dhcp-whq-twvpn-1-vpnpool-10-159-139-85.vpn.oracle.com>
To: Chris Newman <chris.newman@oracle.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary=Apple-Mail-A6483F38-C84A-41F9-B818-18881E3E0BF5
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/shutup/WiSwZoATwBR6jFRHd29q8go49bw>
Cc: shutup@ietf.org, ietf-smtp@ietf.org
Subject: Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)
X-BeenThere: shutup@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: SMTP Headers Unhealthy To User Privacy <shutup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/shutup>, <mailto:shutup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/shutup/>
List-Post: <mailto:shutup@ietf.org>
List-Help: <mailto:shutup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/shutup>, <mailto:shutup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Nov 2015 18:33:03 -0000

Hi Chris,

> On 29 Nov 2015, at 17:12, Chris Newman <chris.newman@oracle.com> wrote:
> 
> I oppose the current shutup charter text and draft-josefsson-email-received-privacy as both promote the elimination of mechanisms that protect users from fraud and abuse.
> 
> As I do care about user privacy, here's a strawman charter that I would support:
> 
> ====
> This WG will investigate mechanisms to conceal the information exposed by the submission client's IP address in the mandatory received header generated by the submission server. The output of this WG will provide a mechanism as effective at tracing abuse and fraud as current use of the submission client's IP address. Changing other rules related to received headers in SMTP is out of scope for this WG.
> ====

I think this is a very reasonable counter proposal.

To address concerns from other people it might be worth tweaking it, so that if after investigation no reasonable proposal can be produced, the group should produce a document describing why the problem is not tractable or not worth solving considering tradeoffs.

> 
> I believe RFC 2442 combined with PGP or S/MIME adequately protects email headers. I worked on an implementation of that in the 1990s. I'm doubtful the memory-hole proposal is sufficiently better or sufficiently likely to deploy to be worth IETF effort.

There might be more will to implement something this time around. Whether the memory-hole proposal is it, I don't know.

Best Regards,
Alexey