John Morris in <a05200f09bb193252834d(_at_)[10(_dot_)0(_dot_)1(_dot_)19]>
At 1:24 PM -0500 6/20/03, Evan Harris wrote:
[snip]
The only issue I had with the original statement was the claim that this
method should cause greater concern for privacy. While there are privacy
concerns with any statistics, I wouldn't consider this method any more of a
danger than normal server logs, since nothing is kept that couldn't be found
there.
Evan
FWIW, my original point was that the grey list approach is a greater
cause for concern than a simple white list approach (which can reveal
a user's correspondents but not the date and time of the first and
last e-mail and the number of successful e-mails).
I agree that the grey list approach is not radically more
problematic than mail server logs. But even on that point, having
two places where private info aggregates is worse than having one.
Moreover, the greylist might in some cases be easier to locate or
access -- in some situations, for example a civil litigant might have
fairly direct access to his or her grey list (and thus be easily
required to produce it), but the related mail server logs might be
held by a third party ISP not under the litigant's control. And,
once produced, the greylist can serve as an incomplete but still
useful index into the mail server logs.
If only a hash of the triplet were stored, would this solve
the privacy issue?
Regard,
- Elric
--
Elric Pedder
Mailtraq Development (www.mailtraq.com)
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg