ietf-smtp
[Top] [All Lists]

Re: [ietf-smtp] [Shutup] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

2015-12-02 12:23:57
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In message <565F2B73(_dot_)3000407(_at_)megacity(_dot_)org>, Derek J. Balling
<dredd(_at_)megacity(_dot_)org> writes

"Is there clear indication that 'the community' wants to do this". OK,
how do we determine that?
"by virtue of there being folk who want spend time on wg development"? 
It seems to be case that such people exist, or we wouldn't be having
this discussion. "(and) they or other folk making noises about interest
in implementing and developing it" It seems like this whole discussion
is that of "them and other folks" making noises about implementing and
developing it.

I'm unclear how many implementors and developers have chimed in so far.
The people whose names I have recognised have pretty much all been anti-
spam experts (working or consulting for large providers).

A concern would be that some of the enthusiasm for the process is people
may be planning to use the existence of an RFC as a stick with which to
beat into submission the implementors and the developers ("but you have
to do this, the IETF said so"). Now that may be the right way to
proceed, but I'm not entirely sure if the implementors and developers
would entirely concur.

Of course a sophisticated understanding of the different types of RFC
(and the precise meaning of SHOULD) makes this a non-issue, but that
understanding is thinly spread.

If there is no obvious problem with doing work in this space, then
yeah waiting until it's done to look for specific problems makes
sense. But that's not applicable for the current type of work, as
dangers of the /category/ of work have already been cited. d/ 
As the proponents of the WG have noted, the "big four" webmail providers
are already to some extent doing things similar to what the
WG-proponents are considering, 

I'm not quite sure what is being considered, so I would disagree for
that reason alone.

and the Internet hasn't collapsed in pain
from their so doing. 

I know many in Law Enforcement who are extremely pained that what used
to be a trivial exercise in processing header field data from MAGY to
assess whether an investigation will be easy is no longer practical.

This has put a big delay in the way of determining how best to pursue an
email related lead (or indeed to decide whether or not a case is
tractable at all).

That may not pain you, but I assure you it pains the victims, and no I'm
not going to spend the rest of the day providing references as to the
accuracy of that claim. but reading this might give some clues:

<https://www.lightbluetouchpaper.org/2015/11/20/the-emotional-cost-of-
cybercrime/>

Of course the triage that I describe would be in most cases satisfied by
a "blob" that gave AS number and a user identifier (allowing a view to
be taken regarding jurisdiction and number of incidents that would be
linked).

In fact a user identifier would work better than IP addresses which can
vary considerably and in the case of mobile are pretty much useless as
identifiers of people. But any work schedule needs to make clear if the
aim is to hide identity or location or both -- there's separate trade-
offs for each.

- -- 
richard                                                   Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary 
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBVl822uINNVchEYfiEQKtiwCfc3a6uo22E+63YeNmHOHE62jhROUAnAl/
okbW+O+pLQIPpNYd08b6R/FD
=tXBF
-----END PGP SIGNATURE-----

_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp

<Prev in Thread] Current Thread [Next in Thread>