Thanks for writing this up and for sharing!

> On Oct 20, 2015, at 11:28 AM, Linus Nordberg <[email protected]> wrote:
>
> Hi,
>
> draft-josefsson-email-received-privacy-00 has been submitted, see
> https://datatracker.ietf.org/doc/draft-josefsson-email-received-privacy/
>
> I'd be interested in hearing what people on the perpass list think of
> this.

I believe the introduction is trying to provide the use cases, but I think it would be worth elaborating in Section 2 as to why or when an operator should not add the Received header. If the use cases are reasonably broad, then what would be the implications of recommending that all agents should not add a Received header unless engaged in debugging relay problems? If that were feasible, it seems like it would be more useful to those interested in privacy of this header if removing the header were common, rather than a positive indicator of the agent's choosing to maintain a special level of privacy.

Regarding the security considerations section, I don't think we should rely on a specification note that systems should be robust. In terms of implementations, do spam or abuse-filtering systems currently use the Received header in practice to identify and mitigate against email spam? What would be the security implications if widespread implementations removed the Received header?

Hope this helps,
Nick
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
