ietf-asrg
[Top] [All Lists]

Re: [Asrg] who has the message (was Re: Consensus Call - submission via posting (was Re: Iteration #3))

2010-02-08 15:14:09
Andrew Richards wrote:
On Monday 08 February 2010 19:18:30 Dave CROCKER wrote:
On 2/8/2010 11:11 AM, Andrew Richards wrote:
The alternative requires that a copy of the message still be at the
  server. That works in only some MUA-based models.  Often/typically,
the entire message is downloaded to the MUA's site and the server no
longer has a copy.  Hence, it's too late to enjoy merely passing a
citation back to the server.
I wish to imply that it would become a requirement for the server to
hold a copy if it wishes to implement this functionality
That creates a massive barrier to adoption.  Huge implementation
 overhead.

However TiS is implemented will require implementation work on the server-
side, so I'm not sure that [2] is so different from [1] in this respect.

If the MUA is manually configured, it requires zero implementation effort on the server end, and if configured thru MDA header insertion (eg: Something RFC5451ish), it may still only need a configuration change, not a code change.

_We_ can do TiS button correlation to a spooled copy (within expiration limits), and in fact we use it now.

[There's a couple technical reasons for it being done this way, but as implemented _now_, this is just a short-cut to make sure we can snip out the _correct_ logging information, and don't need to look at the body, whether stored or forwarded.]

But we're corporate, we have employee agreements that state that we can do this. I'd hate to be <large ISP> and have to be answering the media frenzy if EFF found out we were preserving all email this way.

Forwarding the email is a deliberate action on the user's part, and you can easily handle privacy issues if you pay attention during implementation and deployment. If you insist on retaining everything for everybody so as to do abuse reporting from a subset of your users, privacy can become a much more difficult issue, and a much bigger implementation one to program around privacy issues (eg: only doing it for users who've shown they want this).
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg

<Prev in Thread] Current Thread [Next in Thread>