Re: [ietf-smtp] [Shutup] Proposed Charter for the "SMTP Headers Unhealth

Friday, Dec 4, 2015 3:42 PM Rich Kulawiec wrote:
> 1. Such links are often customized on a per-user per-message basis
> with unique URLs.  Thus *any* hit on that URL from anywhere must
> have come from that user [1] and via that particular message.
> It may not disclose their IP address but it *does* disclose that
> they read the message and when.  This is bad.
Yup.  You have to always fetch, when the mail arrives.   Which could turn into 
a DDoS attack if you do it for all messages, so not ideal without additional 
heuristics.   But I don't see any way around those heuristics without simply 
deleting all URLs from all email messages.

> 2. Proxying means proxy means proxy log means yet another place where
> sensitive information accumulates.  I.e., I don't think it's a good idea
> to attempt to fix this issue by MITM'ing connections.
You already have the whole email message if it's not encrypted, so I don't see 
that any additional information is leaking here.   But this is still a good 
point.

> 3. How do you rewrite a link over an encrypted connection?
If you are running the IMAP server, it doesn't matter whether the connection 
between the user and the server is encrypted.   If you are not, then it's not 
your problem.

> I'm not arguing that there isn't a massive privacy problem here.
> There is, and I think it's far more worrisome than IP addresses
> in Received lines, because it discloses far more information *and it
> does so in real time*.  I just don't think solving it will be this easy.
Agreed on both counts.


--
Sent from Whiteout Mail - https://whiteout.io

My PGP key: https://keys.whiteout.io/mellon(_at_)fugue(_dot_)com

pgp8l2EuBaYhw.pgp
Description: PGP signature

_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp