On 14/Jul/11 18:37, Will McAfee wrote:
On Jul 14, 2011, at 11:28 AM, Alessandro Vesely <vesely(_at_)tana(_dot_)it>
wrote:
One can sign the "Sensitivity" header field defined by RFC 2156. It
can have the values "Personal" / "Private" / "Company-Confidential".
However, I received some messages bearing a confidentiality notice but
missing this field entirely. Even the TC system above could hardly
cope with such inconsistent settings. Do notices still retain any
legal value in such cases?
They don't have legal value, period.
It is still an argument that one can bring before a court, e.g. when
claiming damage for unauthorized disclosure of confidential data. We
all know that misaddressing can (and does) happen. Stating that a
message is confidential might be worth in certain circumstances.
See http://www.out-law.com/page-5536
The point is that the semantic status of a message should be set by
the sender, properly. It does not scale to leave it up to the
recipients to determine whether any possible notice is harmless,
inapplicable, or out of context. Laws may allow it, protocols less so.
--
*NOTICE*
Access to this text is restricted to people having the right to do so.
-rwxrwxrwx
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf