> -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf Of J.D. > Falk > Sent: Tuesday, March 08, 2011 9:43 AM > To: Message Abuse Report Format working group > Subject: [marf] draft-jdfalk-marf-redaction > > I was in the mood for xml the other day, so I took section 10 of draft- > ietf-marf-dkim-reporting and added the minimum necessary additional > text and formatting to make it a stand-alone draft: > > http://tools.ietf.org/html/draft-jdfalk-marf-redaction-00 > > (Oops, just noticed I forgot to acknowledge the original authors. Many > apologies; that'll be fixed in the next version.) > > My thought is that by making this a stand-alone Informational RFC, > it'll be easy to reference from other documents. > > Any thoughts?
Commenting on the -01 version: As Alessandro pointed out, one might want to redact anything in the message, not just local-parts. Section 2 already says that, but the paragraph at the end also seems focused on the idea that user-ids are all that gets covered. That paragraph should be more generic. Also, Section 2 should include a SHOULD NOT with respect to redacting portions of the message that define its structure, namely header field names and parts of the MIME structure like boundary strings and media types. Section 3 should include a paragraph reflecting Alessandro's point about privileged users (e.g., users with access to logs) possibly being able to deduce private information in correlation with redacted bits of a message. The IESG lately cringes at specific endorsement of SHA1 or MD5. I suggest changing "SHA1" to something more general like "any acceptable hash/digest algorithm". Since this technique is in production use in a few places (Mike from Facebook said so earlier in this thread, for example, and we know of other MAAWG members doing so as well), and since the target status is Informational, maybe this one is also getting close to being WGLC-able. Comments? -MSK _______________________________________________ marf mailing list [email protected] https://www.ietf.org/mailman/listinfo/marf
