[Top] [All Lists]

Re: [ietf-smtp] [Shutup] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

2015-11-29 21:22:26
On Sunday, November 29, 2015 12:54 PM, Jim Fenton wrote:

There are users for whom their privacy is critically important, such 
as press informants in totalitarian societies. There are many other 
ways to determine their location (network monitoring coupled with 
a STARTTLS downgrade attack, for one), and it would be harmful 
(potentially life-threatening) if anyone thought that this would truly 
protect them. They should be using something like SecureDrop and 
not using email at all.

Uh, No. This is the classic "the other side of the boat is leaking too"
argument, coupled with a dollop of "no security is better than imperfect
security." Yes, there are many ways for metadata to leak. But that does not
mean that we should not plugs the leaks that we do know about.

The discussion so far shows that one hand many people believe that we are
disclosing too much metadata in mail headers, while many more believe that
the metadata disclosure is actually useful to fight various forms of abuse,
some of which may well compromise users' privacy. 

We also heard that some of the big providers have already unilaterally
decided to suppress some of the metadata, like the first hop address. So we
have at least one data point showing that not all metadata needs to be

The "submission" hop may be a special case, but as Jim points out, mailing
lists may well another special case, for which some guidance would be

The concern about topology disclosure may or may not justify pruning some of
the metadata.

In short, it appears that there is enough concern and enough uncertainty to
justify working at least on an analysis document, and depending on the
outcome on a best practice document. Let's have this debate, and let's make
some progress on email privacy.

-- Christian Huitema

ietf-smtp mailing list

<Prev in Thread] Current Thread [Next in Thread>