On Fri 18/Dec/2020 03:39:00 +0100 John Levine wrote:
In article <cc4e4665-f55b-bec7-760d-ae6ae3d01...@tana.it> you write:
We would like to close this ticket two weeks from now, by the end of the year, so please get on it.

The ticket text is just:

    Make it clear in privacy considerations that failure reports can provide
    PII well beyond a domain name, and are not sent by most receivers.

The current text says that, but it should also point out that
redaction does not always remove PII. Info about sender or recipient
might be encoded in non-obvious places such as the Message-ID or DKIM
selectors.


Info which is encoded in such a way that only the sender can understand raises no PII concern, IMHO. A sender could cache sent messages and devise how to encode the corresponding filenames in DKIM selectors. Reporting just the failed signature would leak the whole message by reference. So what?


Also, whether we use the current Org domain heuristic or a tree walk
to find a higher level DMARC record, there is no way to reliably tell
the relationship between a domain publishing the rua or ruf tag and a
subdomain being reported. Partly this is the Holy Roman Empire
problem, partly the PSL is just incomplete and always will be.


Right. A user can use a submission server which is trusted not to relay messages to third parties. Yet, ruf= can point to a completely different environment. By reporting failures (which could be each and every message) a report producer can be of service to covert communication tracking.

To avoid that risk, one can send just the header, and redact it appropriately. Should the spec give practical advice about how to do that?


Any lawyers in this WG?

The IETF most definitely does not provide legal advice.


That sounds more like a bug than a feature. We should at least check that any advice given is legally sound.


Best
Ale
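
An added example, not part of the thread or of any DMARC specification: a Python header redactor for a failure report, illustrating the point discussed above that replacing address local-parts leaves the Message-ID and the DKIM selector untouched. The keyed-hash token scheme, the function names and the sample headers are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re
from email import message_from_string
from email.utils import getaddresses

ADDRESS_HEADERS = {"from", "to", "cc", "sender", "reply-to", "return-path"}

# Constructed sample headers (not taken from any real message).
SAMPLE = (
    "Return-Path: <bounces@mail.example.org>\n"
    "From: Alice Example <alice@example.org>\n"
    "To: bob@example.net\n"
    "Message-ID: <bob.example.net.20201218@mail.example.org>\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.org; s=rcpt-bob-2020;"
    " h=from:to; bh=AAAA; b=BBBB\n"
)

def _token(local: str, key: bytes) -> str:
    # Keyed hash (assumed scheme): stable per local-part, opaque without the key.
    return hmac.new(key, local.encode(), hashlib.sha256).hexdigest()[:12]

def _redact_addresses(value: str, key: bytes) -> str:
    # Drop display names and replace each local-part; the domain is kept.
    out = []
    for _display, addr in getaddresses([value]):
        local, at, domain = addr.rpartition("@")
        if at:
            out.append(f"{_token(local, key)}@{domain}")
    return ", ".join(out)

def redact_headers(raw: str, key: bytes):
    """Return (redacted header text, fields that may still identify a party)."""
    redacted, residual = [], []
    for name, value in message_from_string(raw).items():
        lname = name.lower()
        if lname in ADDRESS_HEADERS:
            value = _redact_addresses(value, key)
        elif lname == "message-id":
            residual.append("Message-ID left-hand side")
        elif lname == "dkim-signature":
            sel = re.search(r"(?:^|;)\s*s=([^;\s]+)", value)
            if sel:
                residual.append(f"DKIM selector s={sel.group(1)}")
        redacted.append(f"{name}: {value}")
    return "\n".join(redacted), residual

if __name__ == "__main__":
    text, leftover = redact_headers(SAMPLE, b"constructed-report-key")
    print(text, leftover, sep="\n")
```

The residual list is what a report producer would review before sending; the example flags those fields rather than rewriting them.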