Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 02 December 2015 01:57 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: shutup@ietfa.amsl.com
Delivered-To: shutup@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E77D1B30E4; Tue, 1 Dec 2015 17:57:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.311
X-Spam-Level:
X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mtv5YSzjO1eX; Tue, 1 Dec 2015 17:57:05 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8D9381B30DF; Tue, 1 Dec 2015 17:57:05 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 9A458BE7C; Wed, 2 Dec 2015 01:57:03 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0XFVFjE5StrJ; Wed, 2 Dec 2015 01:57:02 +0000 (GMT)
Received: from [10.87.48.91] (unknown [86.46.20.32]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 4DE1ABE75; Wed, 2 Dec 2015 01:57:01 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1449021422; bh=7rxzRTZ/baTyD+zS7LG0QNadPqiQ50cI1axZ7CjEiVQ=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=I0rtztu9DeNrZSjDpMfkAgmODFwIORVpbnzpsNyLSwHcW2sGPHZNHbrIuyqnWNu3Y cAn1YMPT49vsa/OSHhr4mn3L1zQZurFSfA6Lf9nid1oxgEkMlxYfCAdwLpLq+BIxS5 btXX8N/H18dbDpXjXMCn63eZx2cNaEdfPS8NKrfI=
To: Chris Lewis <ietf@mustelids.ca>, shutup@ietf.org
References: <20151130042819.10658.qmail@ary.lan> <1448858775386-ceecd236-8b11ac04-a03b4438@fugue.com> <01PTPUIP3IUK01729W@mauve.mrochek.com> <11d014e5-9a6a-4b78-92a1-8e0a1e0a905d@gulbrandsen.priv.no> <lGTaHvC8ygXWFAuu@highwayman.com> <57B818513A0069189BA3CF41@JcK-HP8200.jck.com> <1449014394167-7d2dec58-2c6a9ae8-33fc8e7a@fugue.com> <565E4CCF.3080901@mustelids.ca>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <565E4FEC.2000607@cs.tcd.ie>
Date: Wed, 2 Dec 2015 01:57:00 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
In-Reply-To: <565E4CCF.3080901@mustelids.ca>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/shutup/j1f3fHcYdG_U4pPhc6ANMUTCLxg>
Cc: ietf-smtp@ietf.org
Subject: Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)
X-BeenThere: shutup@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: SMTP Headers Unhealthy To User Privacy <shutup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/shutup>, <mailto:shutup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/shutup/>
List-Post: <mailto:shutup@ietf.org>
List-Help: <mailto:shutup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/shutup>, <mailto:shutup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Dec 2015 01:57:11 -0000


On 02/12/15 01:43, Chris Lewis wrote:
> 
> It's far better to train them in the reality of what they need to do to
> preserve their own privacy, than the impossibility of trying to
> privacy-protect everything (and still have something anybody wants to use).

Do you have any evidence for the above?

But in any case, I think your argument is clearly wrong because we
know that it is not possible to "train them" in security or privacy.
(That leaves open the possibility that your conclusion is correct
based on some other argument, but very much weakens confidence in
your conclusion for me.)

IMO the onus is on us as technology developers to ensure that what
we make allows those who deploy that to do a good enough job. In
this case there is room for debate about the cumulative privacy
exposure from many messages including MUA IP addresses (or of
popular implementations defaulting to do so) vs. the benefits
accruing to anti-spam techniques.

For me, claims that any of this is so obvious as to not even need to
be looked are not at all convincing. And in that I do include claims
that "all we need to do is X and it'll be privacy friendly" (for any
X) as well as claims to "move on, there's nothing to see here."

S.