ietf-smtp

Re: [ietf-smtp] [Shutup] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

2015-12-02 13:35:35
I believe that spending any time on answering #2 in a quantitative way
is a waste of time and will derail useful work in this area.  For me to
be able to geolocate Derek with sufficient probability as being close to
Kingston, NY, USA by looking at the email he sent below is sufficient
motivation for me to work on this.  I do appreciate and welcome help
from experts on #3 so we can describe the best solution to this problem.

I hope that some well-known larger domains will implement
draft-josefsson-email-received-privacy-01 (or something like it that we
can describe) so we can get more data to #3.  However, I suspect that we
will find that the majority of "use-cases" for Received data are harmful
to users, and that we can support the few good use-cases (like loop
detection) anyway.

/Simon

On Wed 2015-12-02 at 11:32 -0500, Derek J. Balling wrote:
I've been uncharacteristically (for me) quiet up 'til now, so let me --
perhaps naively -- say what, to me, seems like a simple thing.

1.) It's axiomatic that Received headers disclose some level of
private data
2.) It's a matter of debate how valuable that data is to those who would
abuse it
3.) It's a matter of debate as to what impact redaction/removal of that
data from message headers would cause

Why isn't this as simple as chartering the WG to go off and:

1.) Document the answers to questions 2 and 3 above, with data
2.) If they so choose after doing #1, propose remedies or changes to the
existing methodologies consistent with the data they found above

At that point, everyone can observe the data, attempt to replicate it
(almost like a peer-review process, one would think) and then the
discussion can be about whether or not any proposal that came out of the
WG meets the larger goals of the net at-large.

It seems that it shouldn't be this hard to charter them to go off and
"crunch data" and "come up with a proposed solution consistent with that
data".

Nobody's "committed" to anything by letting folks go off and work on
this, so why is there such vociferous debate over letting them go do
that? What am I missing? (it's possible I have missed something, because
this debate is the most traffic we've seen in years on this list).

D

