Hi SM, thanks for providing some feedback.

> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of SM
> Sent: Monday, November 07, 2011 1:22 PM
> To: [email protected]
> Subject: Re: [marf] Working Group Last Call on draft-ietf-marf-redaction
>
> From Section 2:
>
> "4. Compute a digest of that string with any hashing/digest algorithm
> such as SHA1"
>
> A reference to RFC 6234 could be added for "SHA". I'll leave it to the
> security folks to determine which algorithm to pick. Using any
> hashing/digest algorithm will be viewed as unsecure. It would be
> better to mention the minimally acceptable one.

Rather than RFC6234, I'm changing this to "such as one defined in FIPS-180-3-2008", since that's the SHA reference DKIM used. I've copied the actual reference information over.

> I suggest separating Section 3 into different sections, one for
> security and the other for privacy. The current section only covers
> privacy. Does redaction (see algorithm) create any security issues?

Yes, your suggested split is appropriate, I think. The IESG might find the current section name a little unusual.

The most common issue brought up when using message digests in a protocol is the impact of collisions. I've added a paragraph about that post-split.

> From Section 3:
>
> "If further protections are required, implementors may wish to
> consider establishing legal contracts or other non-technology-based
> agreements between the relevant entities."
>
> This is a technical specification. Legal contracts do not increase the
> level of privacy. It would be better to remove that sentence. I
> suggest focusing on the information disclosure angle if the aim is to
> have a privacy considerations section.

I've changed it to "establishing out-of-band arrangements between the relevant entities."

> BTW, the title of the draft is "Redaction of Potentially Sensitive Data
> from Mail Abuse Reports". My reading is that the algorithm is to only
> redact the local-part of an email address (message header and body).
> Most, if not all, the WG participants know how to circumvent that. :-)
> The title could be "redaction of email addresses from mail abuse
> reports".

The algorithm can redact anything, though the local-part is the obvious and most common target. In that sense, I think the present title is more appropriate.

Are there other opinions about that?

-MSK

_______________________________________________
marf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/marf
