On Monday 08 February 2010 21:13:09 Chris Lewis wrote:
Andrew Richards wrote:
On Monday 08 February 2010 19:18:30 Dave CROCKER wrote:
On 2/8/2010 11:11 AM, Andrew Richards wrote:
The alternative requires that a copy of the message still be at the
server. That works in only some MUA-based models.
Often/typically, the entire message is downloaded to the MUA's site
and the server no longer has a copy. Hence, it's too late to enjoy
merely passing a citation back to the server.
I wish to imply that it would become a requirement for the server to
hold a copy if it wishes to implement this functionality
That creates a massive barrier to adoption. Huge implementation
overhead.
However TiS is implemented will require implementation work on the
server- side, so I'm not sure that [2] is so different from [1] in
this respect.
If the MUA is manually configured, it requires zero implementation
effort on the server end, and if configured thru MDA header insertion
(eg: Something RFC5451ish), it may still only need a configuration
change, not a code change.
_We_ can do TiS button correlation to a spooled copy (within expiration
limits), and in fact we use it now.
[There's a couple technical reasons for it being done this way, but as
implemented _now_, this is just a short-cut to make sure we can snip out
the _correct_ logging information, and don't need to look at the body,
whether stored or forwarded.]
But we're corporate, we have employee agreements that state that we can
do this. I'd hate to be <large ISP> and have to be answering the media
frenzy if EFF found out we were preserving all email this way.
Forwarding the email is a deliberate action on the user's part, and you
can easily handle privacy issues if you pay attention during
implementation and deployment. If you insist on retaining everything
for everybody so as to do abuse reporting from a subset of your users,
privacy can become a much more difficult issue, and a much bigger
implementation one to program around privacy issues (eg: only doing it
for users who've shown they want this).
I take your point on privacy. Would the following address this point:
The MUA communicates to the upstream provider for TiS for the model I'm
advocating, so the MUA could use the same method to signal to the upstream
provider if it's okay to retain messages for TiS purposes and for how long.
The user has then 'opted-in' to having their messages retained.
cheers,
Andrew.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg