Re: [Shutup] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG

SM <sm@resistor.net> Sun, 06 December 2015 07:49 UTC

Date: Sat, 05 Dec 2015 23:48:52 -0800
To: Chris Lewis <ietf@mustelids.ca>, shutup@ietf.org
From: SM <sm@resistor.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/shutup/lZ8VSAuakUC_9od85IKBZFHVIPs>

Hello,
At 22:34 05-12-2015, Chris Lewis wrote:
>Privacy is only about state surveillance?  That seems to be a, um, 
>remarkably narrow definition, and completely ignores the privacy 
>issues that people usually get harmed by.  Furthermore, state 
>surveillance doesn't need to scrape headers, they just get the 
>providers to reveal the contents of their logs, which no amount of 
>header obfuscation can hide.

It is indeed a narrow definition.  I am limiting my discussion of the 
proposed charter to what has previously been discussed on the perpass 
mailing list [1] and on this mailing list.  It is up to the 
participant working for the provider which was asked to reveal the 
contents of its logs to argue for including that aspect in the 
proposed charter if the participant wishes to do so.

>The NSA didn't get their 5 years worth of universal phone penlogs 
>from tapping wires, they did it with taps right into the provider's 
>equipment.  No amount of on-the-wire fussing would have done a thing.

That is not mentioned in RFC 7258.

>The biggest fault with the charter is that there is no mandate 
>whatsoever to explore/mention/define the risks (of either revealing 
>the information or omitting it).
>
>I can see a BCP on privacy protection arising out of this effort, 
>but without any serious attempt to give the reader guidance on 
>pro/con, it'll do more harm than good.

I am still trying to understand the problem(s) which the proposed 
working group might work on.  I am unable to say anything useful 
about the above at the moment.

Regards,
-sm

1. https://www.ietf.org/mail-archive/web/perpass/current/maillist.html