Re: [Shutup] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG

"John R Levine" <johnl@taugh.com> Thu, 26 November 2015 17:40 UTC

Return-Path: <johnl@taugh.com>
X-Original-To: shutup@ietfa.amsl.com
Delivered-To: shutup@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D6841B2CD2 for <shutup@ietfa.amsl.com>; Thu, 26 Nov 2015 09:40:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.567
X-Spam-Level: **
X-Spam-Status: No, score=2.567 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, KHOP_DYNAMIC=1.004, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Uq69YxzQLCEo for <shutup@ietfa.amsl.com>; Thu, 26 Nov 2015 09:40:24 -0800 (PST)
Received: from miucha.iecc.com (abusenet-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1126::2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 495BD1B2CCB for <shutup@ietf.org>; Thu, 26 Nov 2015 09:40:24 -0800 (PST)
Received: (qmail 25874 invoked from network); 26 Nov 2015 17:40:23 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent; s=6511.56574407.k1511; bh=MrZNLmE6aOjouHlb79bTcozFDd9QPtDUihdv0uo1xuc=; b=A5dEQ0dmXAbqZx5UGilhglEvJReBxDRhxwZSGasJLDeqqTvQFXDgOfEnBO+VfqOHuYK+Y/fw/WMexAjMlZ4W3YGZTYs0N8taqfFi26LcpJ2C83199ig05pVCky+9oxRtijys21KsxKD07ivVpQe6j/OiBfnVyB1QRcx51SZzH+9z6ZchdaqHCbeUWz3btSFyPOUuV+4nQzkp+rwlHypkxrZ1o1lRL+31VczeT4yFzZJ7TSbRskDdTNhoRMJzLoiR
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent; s=6511.56574407.k1511; bh=MrZNLmE6aOjouHlb79bTcozFDd9QPtDUihdv0uo1xuc=; b=lw+GhWUOgGaRCUmObz+sT7dpnHVI969xrLCRnaKYsqxHw5Dxb+vOAyRl7FxTJi/cXZqb5uHJzIvOiDRHEBaS/EVgClI1BCBX4HL/aM9ohcAdVczrMcrVU8QwX9PPccazIiuZHAXfHbAKEVbXxx2gw3Qx/6Zzx/twiuZjWyNNNVcNPKidiNP2uQwOhsKGgnj3v3+hChVWfqmkDheEVxJfWo9ApczYd2QuLTay2gvXWUsDDDnWk3pTinfxNd6/2IS9
Received: from localhost ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.0/X.509/SHA1) via TCP6; 26 Nov 2015 17:40:22 -0000
Date: 26 Nov 2015 12:40:22 -0500
Message-ID: <alpine.OSX.2.11.1511261224190.97490@ary.local>
From: "John R Levine" <johnl@taugh.com>
To: "Alexey Melnikov" <alexey.melnikov@isode.com>
In-Reply-To: <56570D35.1050806@isode.com>
References: <56570D35.1050806@isode.com>
User-Agent: Alpine 2.11 (OSX 23 2013-08-11)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII
Archived-At: <http://mailarchive.ietf.org/arch/msg/shutup/yU7WKB6_mAGU-oPHv_uWY0EzIYc>
Cc: shutup@ietf.org
Subject: Re: [Shutup] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG
X-BeenThere: shutup@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: SMTP Headers Unhealthy To User Privacy <shutup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/shutup>, <mailto:shutup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/shutup/>
List-Post: <mailto:shutup@ietf.org>
List-Help: <mailto:shutup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/shutup>, <mailto:shutup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Nov 2015 17:40:25 -0000

For most Internet mail users, the main privacy threat they face from 
e-mail is getting their personal and financial information stolen by 
malware and phishes.  I can assure you from extensive experience that 
ISPs, security nonprofits like Team Cymru, and law enforcement in many 
countries exert huge efforts to identify and shut down and, sometimes, 
arrest and jail the criminals who do that.  We use all the information in 
mail headers to do that.  I even have taught courses to law enforcement 
people to explain how to decode mail messages so they can use them as 
evidence to build cases against botnet operators and malware authors and 
distributors.

The charter needs to be rewritten to acknowledge the real issues that 
users face, the reality that personal security is as important a human 
right as privacy*, and the fact that the tradeoffs are difficult and 
subtle.

R's,
John

* - See the Universal Declaration of Human Rights, articles 3, 8, 12, 
and 17.