On 07/Nov/11 23:00, Murray S. Kucherawy wrote: >> From: ietf.org On Behalf Of SM >> At 10:59 04-11-2011, Murray S. Kucherawy wrote: >> >>> Alessandro sent some text for consideration so those are >>> already included in
Wouldn't it be odd to consider that text after WGLC? >> BTW, the title of the draft is "Redaction of Potentially >> Sensitive Data from Mail Abuse Reports". My reading is that the >> algorithm is to only redact the local-part of an email address >> (message header and body). The spec says "such as" local-parts of email addresses, in parentheses. It is a way to indicate by example --apparently better than the "atomistic" wordings we tried. Some full examples of redacted messages would better the I-D. > The algorithm presented could be used to redact anything in > particular. Although it's certainly true that email addresses or > even just their local-parts are the likely targets, the presented > algorithm could work equally well to redact full names. Indeed, in the text I sent for consideration, I tried to identify further PII explicitly. > (And if one is redacting local-parts but not email addresses, I > have to wonder "why"...) Since it is not PII, it can be safely left in place. (Please note that "safely" addresses legal concerns, not security.) Having domain names is often necessary to process messages properly. Hence, leaving them alone allows treatment even without full un-redacting capabilities, which is consistent with the claim that ARF messages are also human-readable. _______________________________________________ marf mailing list [email protected] https://www.ietf.org/mailman/listinfo/marf
