Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

Ned Freed <ned.freed@mrochek.com> Mon, 30 November 2015 15:51 UTC

Message-id: <01PTPUW0CL1001729W@mauve.mrochek.com>
Date: Mon, 30 Nov 2015 07:38:21 -0800 (PST)
From: Ned Freed <ned.freed@mrochek.com>
In-reply-to: "Your message dated Mon, 30 Nov 2015 10:34:51 +0100" <565C183B.4030109@sonnection.nl>
References: <alpine.OSX.2.11.1511282155180.1479@ary.lan> <565A7234.7010000@alameth.org> <Eoqbyz/axxwfm7I0m8X7QOm53qcBtCJIuS/eiVFyCig=.sha-256@antelope.email> <072F93223CD351A88ECCDB69@JcK-HP5.jck.com> <etPan.565b31fa.335268bd.11ea@dhcp-whq-twvpn-1-vpnpool-10-159-139-85.vpn.oracle.com> <565B81F4.8090401@bluepopcorn.net> <015801d12b0a$dc8731d0$95959570$@huitema.net> <565C183B.4030109@sonnection.nl>
To: "Rolf E. Sonneveld" <R.E.Sonneveld@sonnection.nl>
Archived-At: <http://mailarchive.ietf.org/arch/msg/shutup/qWk7bGGx-agYV4cvOdLWynd0c5k>
Cc: 'Jim Fenton' <fenton@bluepopcorn.net>, shutup@ietf.org, Christian Huitema <huitema@huitema.net>, ietf-smtp@ietf.org
Subject: Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

> On 30-11-15 02:02, Christian Huitema wrote:
> > On Sunday, November 29, 2015 12:54 PM, Jim Fenton wrote:
> >> There are users for whom their privacy is critically important, such
> >> as press informants in totalitarian societies. There are many other
> >> ways to determine their location (network monitoring coupled with
> >> a STARTTLS downgrade attack, for one), and it would be harmful
> >> (potentially life-threatening) if anyone thought that this would truly
> >> protect them. They should be using something like SecureDrop and
> >> not using email at all.
> > Uh, No. This is the classic "the other side of the boat is leaking too"
> > argument, coupled with a dollop of "no security is better than imperfect
> > security." Yes, there are many ways for metadata to leak. But that does not
> > mean that we should not plug the leaks that we do know about.
> >
> > The discussion so far shows that on one hand many people believe that we are
> > disclosing too much metadata in mail headers, while many more believe that
> > the metadata disclosure is actually useful to fight various forms of abuse,
> > some of which may well compromise users' privacy.
> >
> > We also heard that some of the big providers have already unilaterally
> > decided to suppress some of the metadata, like the first hop address.

> Can anyone share some information about which providers made which decision?

I posted about this earlier on the perpass list in response to the initial
discussion of the draft-josefsson-email-received-privacy draft. Here's an
updated version of that information:

Gmail:   Webmail does not disclose originating client IP, apparently using
         invalid Received: field to avoid doing so.
         Submit discloses originating IP.
Yahoo:   Neither webmail nor submit disclose originating IP, some Received:
         fields are invalid but this looks like an unrelated issue.
Outlook: Neither webmail nor submit disclose originating IP, valid Received:
         fields.
AOL:     Both webmail and submit disclose originating client IP in both
         Received: fields and X-Originating-IP: (webmail) and X-AOL-IP:
         (submit) fields.
GMX:     Both webmail and submit disclose originating client IP.

Thanks John Levine for the AOL submit data.

				Ned
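
The survey above can be repeated against a test message sent to yourself through each provider. The following is an added example, not part of the original message: it checks the first-hop Received: field and the X-Originating-IP: and X-AOL-IP: fields for a client address. The sample messages, host names and addresses are constructed (documentation ranges), and the function names are hypothetical.

```python
import email
import ipaddress
import re

# Fields the survey above names as carrying the client address outright.
EXPLICIT_FIELDS = ("X-Originating-IP", "X-AOL-IP")
IP_LITERAL = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def _parse_ip(text):
    """Return the normalized address string, or None if text is not an IP."""
    try:
        return str(ipaddress.ip_address(text.strip().strip("[]")))
    except ValueError:
        return None

def disclosed_client_ips(raw_message):
    """Map header name -> originating client IP exposed by that header."""
    msg = email.message_from_string(raw_message)
    findings = {}
    for name in EXPLICIT_FIELDS:
        ip = _parse_ip(msg.get(name, ""))
        if ip:
            findings[name] = ip
    hops = msg.get_all("Received", [])
    if hops:
        # Received fields are prepended, so the last one is the first hop.
        # Only the "from" clause (text before "by") describes the client.
        from_clause = re.split(r"(?:^|\s)by\s", hops[-1], maxsplit=1)[0]
        for literal in IP_LITERAL.findall(from_clause):
            ip = _parse_ip(literal)
            if ip and not ipaddress.ip_address(ip).is_loopback:
                findings["Received"] = ip
                break
    return findings

# Constructed samples: one provider that discloses, one that does not.
DISCLOSING = (
    "Received: from mx.example.org (mx.example.org [198.51.100.20])\n"
    "\tby inbound.example.com with ESMTPS; Mon, 30 Nov 2015 07:51:08 -0800\n"
    "Received: from laptop.local ([203.0.113.7])\n"
    "\tby submit.example.org with ESMTPSA; Mon, 30 Nov 2015 07:51:02 -0800\n"
    "X-Originating-IP: [203.0.113.7]\nSubject: constructed sample\n\nbody\n")
SUPPRESSING = (
    "Received: from mx.example.net (mx.example.net [198.51.100.30])\n"
    "\tby inbound.example.com with ESMTPS; Mon, 30 Nov 2015 07:51:08 -0800\n"
    "Received: by webmail.example.net with HTTP; Mon, 30 Nov 2015 07:51:02 -0800\n"
    "Subject: constructed sample\n\nbody\n")

if __name__ == "__main__":
    for label, raw in (("disclosing", DISCLOSING), ("suppressing", SUPPRESSING)):
        print(label, disclosed_client_ips(raw))
```

A first-hop Received: field with no "from" clause, as in the second sample, yields no finding, so the relay address in the later hop is not mistaken for the client.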