On 08/Nov/11 19:47, Murray S. Kucherawy wrote: >> From: ietf.org On Behalf Of Alessandro Vesely >> >>>>> Alessandro sent some text for consideration so those are >>>>> already included in >> >> Wouldn't it be odd to consider that text after WGLC? > > I don't understand that question. Your comment was made before or > during WGLC, so it's considered for the revision. I explicitly > included it by saying so.
Yes, but nobody commented on it. >>> (And if one is redacting local-parts but not email addresses, I >>> have to wonder "why"...) >> >> Since it is not PII, it can be safely left in place. (Please >> note that "safely" addresses legal concerns, not security.) >> Having domain names is often necessary to process messages >> properly. Hence, leaving them alone allows treatment even >> without full un-redacting capabilities, which is consistent with >> the claim that ARF messages are also human-readable. > > If you're doing any redacting at all using the proposed method, > you're already replacing some part of the message (arguably the > most interesting part) with a string of what a user will see as > gibberish. I don't see how doing it twice makes it any less > human-readable than it already is. Since the domain of a recipient address doesn't necessarily match that of the report sender, nor (part of) the Reporting-MTA, naive ESPs might be unable to understand /why/ they're receiving those overly redacted complaints. This is especially relevant when the FBL subscription was skipped, or didn't involve disclosing all the affected domain names. _______________________________________________ marf mailing list [email protected] https://www.ietf.org/mailman/listinfo/marf
