[Top] [All Lists]

Re: Mandatory From field, anonymity, and hacks

2005-01-28 10:13:18

In <200501271357(_dot_)34152(_dot_)blilly(_at_)erols(_dot_)com> Bruce Lilly 
<blilly(_at_)erols(_dot_)com> writes:

As a result of our discussion starting July 15, 2004, I
have prepared an Internet Draft; draft-lilly-from-optional-00.txt
should be available from the usual places [*].  Public comments
may be posted to the ietf-822 list; private comments to the
author are also welcome.

* E.g.

I have several problems with this.

1. Is it really necessary to modify RFC 822 and well as RFC 2822?

   This memo (if approved) updates the Internet Message Format
   specification [N1.STD11], [N2.RFC2822] as used by various
   applications (electronic mail [I3.STD10], [I1.RFC2821], Usenet news
   [I4.RFC1036], Internet fax [I5.RFC2305], VPIM [I6.RFC3801], EDI
   [I7.RFC1767], [I8.RFC1865], etc.).  It applies across the board to
   applications using the Internet Message Format.  However it does not
   discuss similarly named fields in unrelated formats and protocols
   such as [I9.HTTP] or [I10.SIP].

I think it is most unwise to attempt to impose this change on
protocols/applications other them electronic mail without first consulting
the working groups of other bodies responsible for those protocols.

In the case of Netnews, in particular, I would regard this proposal as
totally unacceptable, since it is clearly desirable and widely expected
that it will be possible to identify the (claimed) poster of any Usenet
article, even if only by the pseudonym that poster chooses to be known by.

If you think otherwise, then I invite you to raise this matter on the
USEFOR list.

I would sugges that, for Usenet, at least the display name should be
provided when no email address is available. That would leave the
following possibilities:

        Allow the <mailbox> to be omitted when <display-name> is present.
        Allow some form of dummy <mailbox>, such as '<>'.
        Encourage the use of clearly unresolvable domains, such as those
        ending in '.invalid'.

Since the first two possibilities might provide some compatibility
problems for existing user agents (though I rather doubt this), perhaps
the use of .invalid could be suggested as an interim measure. It is, in
any case, not clear that some existing user agents will not barf at the
proposed total absence of the From header.

3. I would have thought that the absence of a From header would have been
unacceptable to most users in Email as well as in Netnews, but that is a
matter which is well within the purview of this List to discuss.

   Some documents have suggested use of the reserved ".invalid" TLD
   (top-level domain name) [I18.BCP32] to provide some degree of
   anonymity.  With relaxation of the requirement for a From field in
   the Internet Message Format, such hacks and their negative impact on
   the root name service are unnecessary, at least within the scope of
   Internet Messages.

That reference to "hacks" and "negative impact" is hardly fair. I have
been assured by people who understand the DNS system better than I do
that it is a common and recommended practice for DNS failures to be
cached, and that the inpact of using the TLD .invalid on the root servers
should therefore be minimal. Moreover, '.invalid' can, and should be,
built into agents so that they do not waste time even trying.

Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131 Fax: +44 161 436 6133   Web:
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk      Snail: 5 Clerewood Ave, 
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5