Hi Chris,
On 29 Nov 2015, at 17:12, Chris Newman
<chris(_dot_)newman(_at_)oracle(_dot_)com> wrote:
I oppose the current shutup charter text and
draft-josefsson-email-received-privacy as both promote the elimination of
mechanisms that protect users from fraud and abuse.
As I do care about user privacy, here's a strawman charter that I would
support:
====
This WG will investigate mechanisms to conceal the information exposed by the
submission client's IP address in the mandatory received header generated by
the submission server. The output of this WG will provide a mechanism as
effective at tracing abuse and fraud as current use of the submission
client's IP address. Changing other rules related to received headers in SMTP
is out of scope for this WG.
====
I think this is a very reasonable counter proposal.
To address concerns from other people it might be worth tweaking it, so that if
after investigation no reasonable proposal can be produced, the group should
produce a document describing why the problem is not tractable or not worth
solving considering tradeoffs.
I believe RFC 2442 combined with PGP or S/MIME adequately protects email
headers. I worked on an implementation of that in the 1990s. I'm doubtful the
memory-hole proposal is sufficiently better or sufficiently likely to deploy
to be worth IETF effort.
There might be more will to implement something this time around. Whether the
memory-hole proposal is it, I don't know.
Best Regards,
Alexey
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp