ietf

Re: Confidentiality notices on email messages

2011-07-14 11:45:37

On 07/14/2011 08:28 AM, Alessandro Vesely wrote:
> On 14/Jul/11 03:48, John Levine wrote:
>>> Yes, and perhaps disclaimers/confidentiality notices should be
>>> standardized with their own MIME type to make automatic processing
>>> easier so receivers of this kind of notice (mailing-list or other)
>>> can respect the wishes of the sender.
>>
>> That respect would of course be demonstrated by rejecting or
>> discarding the mail unread, to avoid any possibility that it could
>> fall into the wrong hands.
>
> Yes, with the possible exception of recipients deploying a Treacherous
> Computing environment that includes checks against forwarding or
> replying with non fair use quotations of confidential messages.
>
>> PS: Perhaps I should propose a revised RFC 5617 adding dkim=confidential.
>
> One can sign the "Sensitivity" header field defined by RFC 2156.  It
> can have the values "Personal" / "Private" / "Company-Confidential".
>
> However, I received some messages bearing a confidentiality notice but
> missing this field entirely.  Even the TC system above could hardly
> cope with such inconsistent settings.

1. If an email received contains a Sensitivity header with Confidential, Private
or Personal, the email is rejected.

2. Else, with techniques similar to spam filtering, a process can then test if
the email may contain a legal notice (perhaps SpamAssassin can be configured to
do this - I am not a specialist).  If such notice is detected, and there is no
Sensitivity header the email is bounced back with a text similar to this:

"We automatically detected that your email may contain a legal notice, but we
have no way to be sure that this notice is compliant with our rules, but we
cannot take the legal risk to accept it against the wishes of your employer.
Please contact your IT department and ask them to add a Sensitivity header to the
emails sent by your organization, which should be even easier than adding the
legal notice."

3. Else, if a notice is detected and there is a Sensitivity=public header, then
the email is accepted.

4. Else, if no notice is detected, the email is accepted.


> Do notices still retain any
> legal value in such cases?

-- 
Marc Petit-Huguenin
Personal email: marc(_at_)petit-huguenin(_dot_)org
Professional email: petithug(_at_)acm(_dot_)org
Blog: http://blog.marc.petit-huguenin.org
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
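
The four-step policy from the message above, sketched as an added example (not code from the thread or any of its participants). The keyword regex is a hypothetical stand-in for the spam-filter-style notice detection, and bouncing a message that carries a notice plus an unrecognised Sensitivity value is an assumption, since the steps do not cover that case.

```python
import re
from email import message_from_string

# Hypothetical stand-in for the spam-filter-style notice detection of step 2.
NOTICE_RE = re.compile(
    r"intended (solely|only) for|not the intended recipient|legally privileged",
    re.IGNORECASE,
)
RESTRICTED = ("confidential", "private", "personal")  # step 1 keywords


def body_text(msg):
    """Join all text/* parts and collapse whitespace so wrapped notices match."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return " ".join(" ".join(chunks).split())


def verdict(raw_message):
    """Return 'reject', 'bounce' or 'accept' for one RFC 5322 message string."""
    msg = message_from_string(raw_message)
    values = [str(v).strip().lower() for v in msg.get_all("Sensitivity", [])]
    # Step 1: any restricted value wins, even beside a second "public" header.
    if any(word in v for v in values for word in RESTRICTED):
        return "reject"
    # Step 4: no notice detected.
    if not NOTICE_RE.search(body_text(msg)):
        return "accept"
    # Step 2: notice present but no Sensitivity header at all.
    if not values:
        return "bounce"
    # Step 3: notice present and explicitly marked public.
    if all(v == "public" for v in values):
        return "accept"
    # Assumption (case not covered by the steps): notice plus some other value.
    return "bounce"


# Constructed sample input, not taken from any real message.
NOTICE = "Hi all,\n\nThis e-mail is intended solely\nfor the addressee.\n"


def sample(body, *sensitivity):
    head = "From: a@example.com\nTo: list@example.org\nSubject: draft\n"
    head += "".join(f"Sensitivity: {value}\n" for value in sensitivity)
    return head + "\n" + body
```

Checking every Sensitivity header rather than only the first matters because a message can carry duplicates, and a filter that reads only one of them can be steered by whichever copy it happens to pick.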