Perhaps one of the most important things in the WG is to decide whether
the output is a document, and whether the document is an informational,
a BCP or standard or STD. My current thinking is that we're going to
hit BCP at best.
This is increasingly looking like a RG, not a WG. There's a lot of
speculation about what aspects of mail messages and SMTP sessions have
what privacy implications, with an extremely premature focus on IP
address logging. I'd much rather back up a step or two and see if we
can catalog the aspects of mail messages with estimates of the privacy
benefits and risks of each, keeping in mind the context.
For example, how much new information is there in the date stamp in a
Received header in the usual case that it's a few seconds after the
timestamp in the Date: header? On the other hand, most Received
headers have a unique ID that's really handy to identify the message
and the path it took (That's how you tell who's sending spam reports
from AOL and Yahoo, even though they redact all the addresses.)
That would be a useful catalog, and we can think about models that
look at the net personal information, and diagnostic and anti-abuse
information provided by various combinations of features or the lack
thereof. That would be interesting on its own, and would give us a
much better foundation from which to consider changes that could
produce an actual overall privacy improvement.
ietf-smtp mailing list