[Top] [All Lists]

Re: [ietf-smtp] [Shutup] Proposed Charter for something

2015-12-07 01:31:51

--On Monday, December 07, 2015 02:34 +0000 John Levine
<johnl(_at_)taugh(_dot_)com> wrote:

This is increasingly looking like a RG, not a WG.  There's a
lot of speculation about what aspects of mail messages and
SMTP sessions have what privacy implications, with an
extremely premature focus on IP address logging.  I'd much
rather back up a step or two and see if we can catalog the
aspects of mail messages with estimates of the privacy
benefits and risks of each, keeping in mind the context.  

For example, how much new information is there in the date
stamp in a Received header in the usual case that it's a few
seconds after the timestamp in the Date: header?  On the other
hand, most Received headers have a unique ID that's really
handy to identify the message and the path it took (That's how
you tell who's sending spam reports from AOL and Yahoo, even
though they redact all the addresses.)

That would be a useful catalog, and we can think about models
that look at the net personal information, and diagnostic and
anti-abuse information provided by various combinations of
features or the lack thereof.  That would be interesting on
its own, and would give us a much better foundation from which
to consider changes that could produce an actual overall
privacy improvement.

This strikes me as a really good idea.  This is probably what
John has in mind but, to be explicit, if it could also catalog
(not just allow "thinking about"), for each item, the
substantive uses to which any relevant aspect or datum is being
legitimately put today, differentiating things that are
specifically anti-spam from anti-phishing and mitigation of
malware and other types of attacks, that would be even better.
As many people have suggested in the previous threads, "more
privacy", whether about location or other information, is not
free but involves tradeoffs with other priorities and it is
important to consider the tradeoffs and balance.   

For me at least, Dave Crocker's subsequent comments reinforce
that view.


ietf-smtp mailing list