Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)
"Rolf E. Sonneveld" <R.E.Sonneveld@sonnection.nl> Mon, 30 November 2015 09:35 UTC
Return-Path: <R.E.Sonneveld@sonnection.nl>
X-Original-To: shutup@ietfa.amsl.com
Delivered-To: shutup@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 59B751B2DD4;
Mon, 30 Nov 2015 01:35:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.301
X-Spam-Level:
X-Spam-Status: No, score=-1.301 tagged_above=-999 required=5
tests=[BAYES_05=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001]
autolearn=ham
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id HQqhr6iK7GHx; Mon, 30 Nov 2015 01:35:01 -0800 (PST)
Received: from mx20.mailtransaction.com (mx20.mailtransaction.com
[78.46.16.213])
by ietfa.amsl.com (Postfix) with ESMTP id AF1461B2DD6;
Mon, 30 Nov 2015 01:34:59 -0800 (PST)
Received: from mx14.mailtransaction.com (mx11.mailtransaction.com
[88.198.59.230])
by mx20.mailtransaction.com (Postfix) with ESMTP id 3p8Lxs5PVXz1L8n7;
Mon, 30 Nov 2015 10:34:57 +0100 (CET)
Received: from jaguar.sonnection.nl (D57E1702.static.ziggozakelijk.nl
[213.126.23.2])
by mx14.mailtransaction.com (Postfix) with ESMTP id 3p8Lxs445rz5Mgfl;
Mon, 30 Nov 2015 10:34:57 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
by jaguar.sonnection.nl (Postfix) with ESMTP id 2E89B123552;
Mon, 30 Nov 2015 10:34:57 +0100 (CET)
X-Virus-Scanned: amavisd-new at sonnection.nl
Received: from jaguar.sonnection.nl ([127.0.0.1])
by localhost (jaguar.sonnection.nl [127.0.0.1]) (amavisd-new, port 10026)
with ESMTP id mFF9pvXbCzF2; Mon, 30 Nov 2015 10:34:53 +0100 (CET)
Received: from [192.168.3.49] (unknown [192.168.1.1])
by jaguar.sonnection.nl (Postfix) with ESMTPSA id C04801234EE;
Mon, 30 Nov 2015 10:34:52 +0100 (CET)
To: Christian Huitema <huitema@huitema.net>,
'Jim Fenton' <fenton@bluepopcorn.net>, ietf-smtp@ietf.org, shutup@ietf.org
References: <alpine.OSX.2.11.1511282155180.1479@ary.lan>
<565A7234.7010000@alameth.org>
<Eoqbyz/axxwfm7I0m8X7QOm53qcBtCJIuS/eiVFyCig=.sha-256@antelope.email>
<072F93223CD351A88ECCDB69@JcK-HP5.jck.com>
<etPan.565b31fa.335268bd.11ea@dhcp-whq-twvpn-1-vpnpool-10-159-139-85.vpn.oracle.com>
<565B81F4.8090401@bluepopcorn.net>
<015801d12b0a$dc8731d0$95959570$@huitema.net>
From: "Rolf E. Sonneveld" <R.E.Sonneveld@sonnection.nl>
Message-ID: <565C183B.4030109@sonnection.nl>
Date: Mon, 30 Nov 2015 10:34:51 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101
Thunderbird/38.3.0
MIME-Version: 1.0
In-Reply-To: <015801d12b0a$dc8731d0$95959570$@huitema.net>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=sonnection.nl;
s=2009; t=1448876097;
bh=p0j4x5p1domfRwP+xPpOWWlktEecm6W1vtqBHxv1eg4=;
h=Subject:To:From:Message-ID:Date:From;
b=YD57Rgh7RE45t1nOjDJ2AgSyXqM106le+bV+CHgsTiV/KvwNwlAd4W11ctUr/SQs7
+/+VTUSL4pnS4u5HN4OGHwEMnO5PBkbrUq7YuxKWCuOvuwabnL7rcTcrYSJltVlA3A
qaN6tarUuL3Ju7OYkc6XDk31edZyIqQXqo6WT0u4=
DKIM-Filter: OpenDKIM Filter v2.8.2 mx20.mailtransaction.com 3p8Lxs5PVXz1L8n7
Archived-At: <http://mailarchive.ietf.org/arch/msg/shutup/bxFwHvpVH-_06tIu3wOY6q4Ne9k>
Subject: Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers
Unhealthy To User Privacy" WG (fwd)
X-BeenThere: shutup@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: SMTP Headers Unhealthy To User Privacy <shutup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/shutup>,
<mailto:shutup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/shutup/>
List-Post: <mailto:shutup@ietf.org>
List-Help: <mailto:shutup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/shutup>,
<mailto:shutup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Nov 2015 09:35:03 -0000
On 30-11-15 02:02, Christian Huitema wrote: > On Sunday, November 29, 2015 12:54 PM, Jim Fenton wrote: >> There are users for whom their privacy is critically important, such >> as press informants in totalitarian societies. There are many other >> ways to determine their location (network monitoring coupled with >> a STARTTLS downgrade attack, for one), and it would be harmful >> (potentially life-threatening) if anyone thought that this would truly >> protect them. They should be using something like SecureDrop and >> not using email at all. > Uh, No. This is the classic "the other side of the boat is leaking too" > argument, coupled with a dollop of "no security is better than imperfect > security." Yes, there are many ways for metadata to leak. But that does not > mean that we should not plugs the leaks that we do know about. > > The discussion so far shows that one hand many people believe that we are > disclosing too much metadata in mail headers, while many more believe that > the metadata disclosure is actually useful to fight various forms of abuse, > some of which may well compromise users' privacy. > > We also heard that some of the big providers have already unilaterally > decided to suppress some of the metadata, like the first hop address. Can anyone share some information about which providers made which decision? > So we > have at least one data point showing that not all metadata needs to be > preserved. I fail to see the causality with the first sentence here: do you mean: the worlds e-mail ecosystem did not collapse, so this proves that not all metadata needs to be preserved? > > The "submission" hop may be a special case, but as Jim points out, mailing > lists may well another special case, for which some guidance would be > useful. > > The concern about topology disclosure may or may not justify pruning some of > the metadata. > > In short, it appears that there is enough concern and enough uncertainty to > justify working at least on an analysis document, and depending on the > outcome on a best practice document. Let's have this debate, and let's make > some progress on email privacy. There has been done some work on this, which might be useful input to the discussion: see the report "Investigating the leakage of sensitive personal and organisational information in email headers" [1]. /rolf [1] https://www.cs.ox.ac.uk/publications/publication9347-abstract.html.
- [Shutup] Proposed Charter for the "SMTP Headers U… Alexey Melnikov
- Re: [Shutup] Proposed Charter for the "SMTP Heade… John R Levine
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Dave Crocker
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Alexey Melnikov
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Stephen Farrell
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Jim Fenton
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Christian Huitema
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ned Freed
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Rolf E. Sonneveld
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Newman
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Steve Atkins
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Richard Clayton
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ned Freed
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ned Freed
- Re: [Shutup] chained authorizationm, was Proposed… John Levine
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
- Re: [Shutup] chained authorizationm, was Proposed… Dave Crocker
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Al Iverson
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Steve Atkins
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Randall Gellens
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Martijn Grooten
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ned Freed
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Dave Crocker
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Tony Finch
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Dave Crocker
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Kurt Andersen (b)
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Martijn Grooten
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Christian Huitema
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Stephen Farrell
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Stephen Farrell
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Hector Santos
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Martijn Grooten
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Stephen Farrell
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] real life privacy tradeo… John Levine
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Dave Crocker
- Re: [Shutup] [ietf-smtp] real life privacy tradeo… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Dave Crocker
- Re: [Shutup] [ietf-smtp] real life privacy tradeo… John Levine
- Re: [Shutup] [ietf-smtp] real life privacy tradeo… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Derek J. Balling
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Stephen Farrell
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Dave Crocker
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Derek J. Balling
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Simon Josefsson
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Dave Crocker
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Derek J. Balling
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… John Levine
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Richard Clayton
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Christian Huitema
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Dave Crocker
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Steve Atkins
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Al Iverson
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Kurt Andersen
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Robert A. Rosenberg
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Al Iverson
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Dave Crocker
- Re: [Shutup] [ietf-smtp] real life privacy tradeo… Derek J. Balling
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… MH Michael Hammer (5304)
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
- Re: [Shutup] [ietf-smtp] real life privacy tradeo… Christian Huitema
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Robert A. Rosenberg
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Robert A. Rosenberg
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Dave Crocker
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Chris Lewis
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Ted Lemon
- Re: [Shutup] [ietf-smtp] Proposed Charter for the… Hector Santos
- [Shutup] Proposed Charter for the "SMTP Headers U… SM
- Re: [Shutup] Proposed Charter for the "SMTP Heade… Chris Lewis
- Re: [Shutup] Proposed Charter for the "SMTP Heade… Chris Lewis
- Re: [Shutup] Proposed Charter for the "SMTP Heade… Ned Freed
- Re: [Shutup] Proposed Charter for the "SMTP Heade… SM
- Re: [Shutup] Proposed Charter for the "SMTP Heade… Chris Lewis
- Re: [Shutup] Proposed Charter for the "SMTP Heade… Christian Huitema
- Re: [Shutup] Proposed Charter for the "SMTP Heade… SM
- Re: [Shutup] Proposed Charter for the "SMTP Heade… Chris Lewis
- Re: [Shutup] Proposed Charter for the "SMTP Heade… Martijn Grooten
- Re: [Shutup] Proposed Charter for the "SMTP Heade… Chris Lewis
- Re: [Shutup] Proposed Charter for something John Levine
- Re: [Shutup] Proposed Charter for the "SMTP Heade… Robert A. Rosenberg
- Re: [Shutup] Proposed Charter for something Ted Lemon
- Re: [Shutup] Proposed Charter for something Dave Crocker
- Re: [Shutup] Proposed Charter for something Martijn Grooten
- Re: [Shutup] [ietf-smtp] Proposed Charter for som… John C Klensin
- Re: [Shutup] Proposed Charter for something Stephen Farrell
- Re: [Shutup] Proposed Charter for the "SMTP Heade… Ned Freed
- Re: [Shutup] Proposed Charter for the "SMTP Heade… Stephen Farrell
- Re: [Shutup] Proposed Charter for the "SMTP Heade… Christian Huitema
- Re: [Shutup] [ietf-smtp] Proposed Charter for som… Chris Lewis
- Re: [Shutup] Proposed Charter for something Hector Santos