Re: [Shutup] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG
Ned Freed <ned.freed@mrochek.com> Mon, 07 December 2015 16:20 UTC
Return-Path: <ned.freed@mrochek.com>
X-Original-To: shutup@ietfa.amsl.com
Delivered-To: shutup@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 6C92C1B384E
for <shutup@ietfa.amsl.com>; Mon, 7 Dec 2015 08:20:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.936
X-Spam-Level:
X-Spam-Status: No, score=0.936 tagged_above=-999 required=5
tests=[BAYES_40=-0.001, DATE_IN_PAST_12_24=1.049, DKIM_SIGNED=0.1,
DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_PASS=-0.001,
SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id Muk8m2IeGmVA for <shutup@ietfa.amsl.com>;
Mon, 7 Dec 2015 08:20:44 -0800 (PST)
Received: from mauve.mrochek.com (mauve.mrochek.com [66.159.242.17])
by ietfa.amsl.com (Postfix) with ESMTP id A17B71B384D
for <shutup@ietf.org>; Mon, 7 Dec 2015 08:20:44 -0800 (PST)
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com
(PMDF V6.1-1 #35243) id <01PTZNYBYCK000AW25@mauve.mrochek.com> for
shutup@ietf.org; Mon, 7 Dec 2015 08:15:40 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=mrochek.com; s=mauve;
t=1449504939; bh=+pUqDZwGq9bHKHyuE/wEExsNmRX/EYmRkwGu1EOLSc8=;
h=Cc:Date:From:Subject:In-reply-to:References:To;
b=TxoSNZCIohhqUyxzkYk3dkIyLRTiHaIxWOWWpsURb5XYfQg+ve7RMXvLN4cSeKV1q
rMz7/9qpBKrRVKZS0ttw+JMSE2Zvz5cVZWvyKvfpANtcA5MnseXkAgArL6YLBdVg7i
hz2hm+fkpBdIf8Fp7qlfDmDCNSN0V3ncY17eExh0=
MIME-version: 1.0
Content-transfer-encoding: 7BIT
Content-type: TEXT/PLAIN; CHARSET=us-ascii
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243)
id <01PTVFL0BHTS018EYG@mauve.mrochek.com>; Mon,
07 Dec 2015 08:15:37 -0800 (PST)
Message-id: <01PTZNYA1SXY018EYG@mauve.mrochek.com>
Date: Sun, 06 Dec 2015 11:31:44 -0800 (PST)
From: Ned Freed <ned.freed@mrochek.com>
In-reply-to: "Your message dated Sun, 06 Dec 2015 09:37:14 -0800"
<05b301d1304c$bf6f3880$3e4da980$@huitema.net>
References: <6.2.5.6.2.20151205205343.0c75fed0@elandnews.com>
<01PTXQAJ1Y2400HE89@mauve.mrochek.com>
<05b301d1304c$bf6f3880$3e4da980$@huitema.net>
To: Christian Huitema <huitema@huitema.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/shutup/Ym1GvsSGIGPyHuSt9Jo2C14S0sY>
Cc: 'SM' <sm@resistor.net>, 'Ned Freed' <ned.freed@mrochek.com>,
shutup@ietf.org
Subject: Re: [Shutup] Proposed Charter for the "SMTP Headers Unhealthy To
User Privacy" WG
X-BeenThere: shutup@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: SMTP Headers Unhealthy To User Privacy <shutup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/shutup>,
<mailto:shutup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/shutup/>
List-Post: <mailto:shutup@ietf.org>
List-Help: <mailto:shutup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/shutup>,
<mailto:shutup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Dec 2015 16:20:46 -0000
> On Saturday, December 5, 2015 10:52 PM, Ned Freed wrote: > > SM <sm@resistor.net> writes: > > > > > An attack on organization is a security issue; it isn't a privacy > > > issue. The privacy issue is about mail-related metadata which can be > > > collected by state surveillance agencies. Will the proposed working > > > group attempt to fix that? > > > > As I pointed out on the perpass list when the Received: field draft was > first > > posted, there are definitely privacy issues associated with Received: > fields, > > but metadata collection by state actors really isn't one of them. Why > bother > > with Received: fields when you can simply collect transaction logs from > > ISPs/MSPs. > Ned, you are basically saying, "why bother plugging one leak when the same > data can leak somewhere else." Stop. Right. There. In the text you quoted, I said, "there are definitely privacy issues associated with Received: fields". That in no way, shape, or form equates to my saying that Received: fields are not worth worrying about. In fact in this message: http://mailarchive.ietf.org/arch/msg/perpass/olIpnc_N1Vu46k0X_Rc74XMlYZE I said: ... there is a real privacy gain in not including [IP addresses] in messages. State actors with subpeona powers may have easy access to ISP/MSP logs, but other players, including legitimate message recipients, do not. And my location at the time I send a piece of mail really isn't the concern of any of the message's recipients unless I choose to reveal it. That's almost the exact opposite of the position you claim I held. You really need to start reading what people are actually saying. > Well, I think it is actually important to > plug all the privacy leaks, much like in security it is important to plug > all the holes. And if that was the only factor in play it would be a no-brainer to simply remove the IP addresses. But it isn't the only factor. > You are making the argument that authorities can commandeer data by imposing > on mail providers. That's a statement of fact, not an argument. > They can, but in countries with decent rule of laws there > are limits, such as requesting probable cause and not going through fishing > expeditions. We have seen rogue agencies attempt to bypass these limits by > just taking the data whichever way they can, and we want to stop that. We > also worry that what these agencies can do today, organized gangs can do > tomorrow, and petty criminals after that. The claim has been made - and still is made in the draft under consideration - that IP addresses in Received: field are of significant value to state actors and should be removed for that reason alone. But that claims fails because state actors have the ability to get a better version of that information from transaction logs. Unless you can demonstrate that state actors have an easier time going after message content - and that's demonstratably false in the United States and probably most of other jurisdictions - the specifics of what restrictions apply to state actors overall are entirely irrelevant. And once again, this does *not* constitute an argument that there aren't *other* privacy implications for IP addresses in Received: fields that are worth considering. It's an argument against a specific claim that has been and continues to be made. > The email traces are particular because they are carried to multiple places, > not just the submission site but also every relay and every mail recipient. > That multiplies the chances of compromise. My email provider has some reason > to try maintain my trust, but relays and recipients may not. For me, it > makes a great deal of difference whether the information can be obtained > from just one place or from many. Yes, I believe I have some small awareness of how email works. > As I wrote in a previous message, we have a specific problem with the > correlation between IP address and user identity. Once that correlation is > established, it becomes possible to attribute 5-tuple traces to specific > individuals. You may think that the relation between someone's home IP > address and their identity is static, but in many case it is not. Some ISP > can provide you with addresses that deliberately vary over time. You can use > VPN. You can use Wi-Fi hot spots. That's exactly what privacy conscious > users do. And that's why I find the listing of submission IP in traces > problematic. And I also believe I have some small awareness of how modern networking works. > I understand that there are good use of the information, and that managing > email systems is hard. Except that you apparently refuse to acknowledge it, preferring instead to put words in other people's mouths, not to mention assuming they don't understand the most basic operational characteristics of modern email. Even more important, you also apparently refuse to acknowledge some of those uses have significant privacy implications of their own. A lot of people here are saying that the inclusion of IP addresses in Received: fields is of use in shutting down phishing attacks. And phishing is tremedounsly damaging to user privacy. So what we have here is a tradeoff. On the one hand, if we include client IP addresses in Received: fields, we leak information about message senders which may be exploited by message recipients, service providers etc. (but not state actors). But on the other hand, if we don't include client IP information, we make it harder to prevent spam and phishining attacks from reaching mail recipients, which when those attacks are successful - as some percentage always are - utterly compromises user privacy. And this is going to be a very difficult tradeoff to weigh for a bunch of reasons. For one thing, it's something of an applies to oranges comparison - a small loss of privacy for a large group in aggregate is difficult to compare to a major loss of privacy to a much smaller group. And that's assuming we can find the means of assessing the sizes and characteristics of the groups. And in the case of phishing attacks, if the past is any indication, the efficacy of using a particular piece of information like client IP is going to change over time as attackers change their strategy. But none of this is helped by your failure to actually read what other people are saying, and your frankly insulting assumptions that I don't understand the most basic principles of how email and networks work. Ned
- [Shutup] Proposed Charter for the "SMTP Headers U… Alexey Melnikov
- Re: [Shutup] Proposed Charter for the "SMTP Heade… John R Levine
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Dave Crocker
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Alexey Melnikov
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Stephen Farrell
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Jim Fenton
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Christian Huitema
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ned Freed
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Rolf E. Sonneveld
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Newman
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Steve Atkins
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Richard Clayton
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ned Freed
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ned Freed
- Re: [Shutup] chained authorizationm, was Proposed… John Levine
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
- Re: [Shutup] chained authorizationm, was Proposed… Dave Crocker
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Al Iverson
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Steve Atkins
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Randall Gellens
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Martijn Grooten
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ned Freed
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Dave Crocker
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Tony Finch
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Dave Crocker
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Kurt Andersen (b)
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Martijn Grooten
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Christian Huitema
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Stephen Farrell
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Stephen Farrell
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Hector Santos
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Martijn Grooten
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Stephen Farrell
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] real life privacy tradeo… John Levine
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Dave Crocker
- Re: [Shutup] [ietf-smtp] real life privacy tradeo… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Dave Crocker
- Re: [Shutup] [ietf-smtp] real life privacy tradeo… John Levine
- Re: [Shutup] [ietf-smtp] real life privacy tradeo… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Derek J. Balling
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Stephen Farrell
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Dave Crocker
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Derek J. Balling
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Simon Josefsson
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Dave Crocker
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Derek J. Balling
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Richard Clayton
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Christian Huitema
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Dave Crocker
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Steve Atkins
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Al Iverson
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Kurt Andersen
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Robert A. Rosenberg
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Al Iverson
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Dave Crocker
- Re: [Shutup] [ietf-smtp] real life privacy tradeo… Derek J. Balling
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… MH Michael Hammer (5304)
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
- Re: [Shutup] [ietf-smtp] real life privacy tradeo… Christian Huitema
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Robert A. Rosenberg
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Robert A. Rosenberg
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Dave Crocker
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Hector Santos
- [Shutup] Proposed Charter for the "SMTP Headers U… SM
- Re: [Shutup] Proposed Charter for the "SMTP Heade… Chris Lewis
- Re: [Shutup] Proposed Charter for the "SMTP Heade… Chris Lewis
- Re: [Shutup] Proposed Charter for the "SMTP Heade… Ned Freed
- Re: [Shutup] Proposed Charter for the "SMTP Heade… SM
- Re: [Shutup] Proposed Charter for the "SMTP Heade… Chris Lewis
- Re: [Shutup] Proposed Charter for the "SMTP Heade… Christian Huitema
- Re: [Shutup] Proposed Charter for the "SMTP Heade… SM
- Re: [Shutup] Proposed Charter for the "SMTP Heade… Chris Lewis
- Re: [Shutup] Proposed Charter for the "SMTP Heade… Martijn Grooten
- Re: [Shutup] Proposed Charter for the "SMTP Heade… Chris Lewis
- Re: [Shutup] Proposed Charter for something John Levine
- Re: [Shutup] Proposed Charter for the "SMTP Heade… Robert A. Rosenberg
- Re: [Shutup] Proposed Charter for something Ted Lemon
- Re: [Shutup] Proposed Charter for something Dave Crocker
- Re: [Shutup] Proposed Charter for something Martijn Grooten
- Re: [Shutup] [ietf-smtp] Proposed Charter for som… John C Klensin
- Re: [Shutup] Proposed Charter for something Stephen Farrell
- Re: [Shutup] Proposed Charter for the "SMTP Heade… Ned Freed
- Re: [Shutup] Proposed Charter for the "SMTP Heade… Stephen Farrell
- Re: [Shutup] Proposed Charter for the "SMTP Heade… Christian Huitema
- Re: [Shutup] [ietf-smtp] Proposed Charter for som… Chris Lewis
- Re: [Shutup] Proposed Charter for something Hector Santos