[Top] [All Lists]

Re: [ietf-smtp] [Shutup] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

2015-12-01 11:58:27
Tuesday, Dec 1, 2015 12:40 PM John Levine wrote:
Of course there is such an RFC.  RFC 6409 refers to RFC 5321 which
describes the content of the Received header in section 4.4.  It
includes the IP address from which the message was received.

That's the latest version of the SMTP submit spec, not a document about 
Received: header field privacy.

If, perhaps, you are wondering if there should be an RFC that updates
that advice to say to do something else, that's totally unresolved,
since nobody yet has made a plausible argument of what to change and
why there would be an overall benefit from doing so.

The benefit is pretty obvious.   If my IP address and identity information 
appears in a Received: header field, then I can't send mail to a public mailing 
list without revealing to the world geolocation information that could be used 
for doxxing/swatting me, or for various other nefarious activities, and I can't 
send email to an individual unless I am willing to reveal that information to 
that individual.   And I can't send email through any server operated by anyone 
to whom I do not wish to reveal that information.

These may not feel like important issues to you, but for some people they are 
life-or-death issues, and there really is a tradeoff to be made between the 
freedom of people in that situation to speak, and the freedom of the operators 
of mail servers to surveil them, even when that surveillance has a good motive 
behind it.   The problem is that it's not _just_ the people who need the 
information who get it.

Until we look at the actual costs and benefits, it's grossly premature
to propose any changes.

Right, that's why I keep asking questions.   It's easy to read a series of 
questions as leading to a conclusion, and of course there is a conclusion that 
seems to be indicated here, but if I didn't care about your opinion and 
knowledge on this topic, I wouldn't be asking you questions.

Sent from Whiteout Mail -

My PGP key:

Attachment: pgpwfNnbgkjc2.pgp
Description: PGP signature

ietf-smtp mailing list
<Prev in Thread] Current Thread [Next in Thread>