[Top] [All Lists]

Re: [ietf-smtp] [Shutup] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

2015-11-29 12:33:18
Hi Chris,

On 29 Nov 2015, at 17:12, Chris Newman 
<chris(_dot_)newman(_at_)oracle(_dot_)com> wrote:

I oppose the current shutup charter text and 
draft-josefsson-email-received-privacy as both promote the elimination of 
mechanisms that protect users from fraud and abuse.

As I do care about user privacy, here's a strawman charter that I would 

This WG will investigate mechanisms to conceal the information exposed by the 
submission client's IP address in the mandatory received header generated by 
the submission server. The output of this WG will provide a mechanism as 
effective at tracing abuse and fraud as current use of the submission 
client's IP address. Changing other rules related to received headers in SMTP 
is out of scope for this WG.

I think this is a very reasonable counter proposal.

To address concerns from other people it might be worth tweaking it, so that if 
after investigation no reasonable proposal can be produced, the group should 
produce a document describing why the problem is not tractable or not worth 
solving considering tradeoffs.

I believe RFC 2442 combined with PGP or S/MIME adequately protects email 
headers. I worked on an implementation of that in the 1990s. I'm doubtful the 
memory-hole proposal is sufficiently better or sufficiently likely to deploy 
to be worth IETF effort.

There might be more will to implement something this time around. Whether the 
memory-hole proposal is it, I don't know.

Best Regards,
ietf-smtp mailing list
<Prev in Thread] Current Thread [Next in Thread>