I believe that spending any time on answering #2 in a quantitative way is a waste of time and will derail useful work in this area. For me to be able to geolocate Derek with sufficient probability as being close to Kingston, NY, USA by looking at the email he sent below is sufficient motivation for me to work on this. I do appreciate and welcome help from experts on #3 so we can describe the best solution to this problem.
I hope that some well-known larger domains will implement draft-josefsson-email-received-privacy-01 (or something like it that we can describe) so we can get more data to #3. However, I suspect that we will find that the majority of "use-cases" for Received data are harmful to users, and that we can support the few good use-cases (like loop detection) anyway. /Simon ons 2015-12-02 klockan 11:32 -0500 skrev Derek J. Balling: > I've been uncharacteristically (for me) quiet up 'til now, so let me -- > perhaps naively -- say what, to me, seems like a simple thing. > > 1.) It's axiomatic that Received headers disclosure some level of > private data > 2.) It's a matter of debate how valuable that data is to those who would > abuse it > 3.) It's a matter of debate as to what impact redaction/removal of that > data from message headers would cause > > Why isn't this as simple as chartering the WG to go off and: > > 1.) Document the answers to questions 2 and 3 above, with data > 2.) If they so choose after doing #1, propose remedies or changes to the > existing methodologies consistent with the data they found above > > At that point, everyone can observe the data, attempt to replicate it > (almost like a peer-review process, one would think) and then the > discussion can be about whether or not any proposal that came out of the > WG meets the larger goals of the net at-large. > > It seems that it shouldn't be this hard to charter them to go off and > "crunch data" and "come up with a proposed solution consistent with that > data". > > Nobody's "committed" to anything by letting folks go off and work on > this. so why is there such vociferous debate over letting them go do > that? What am I missing? (it's possible I have missed something, because > this debate is the most traffic we've seen in years on this list). > > D > > > _______________________________________________ > Shutup mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/shutup
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Shutup mailing list [email protected] https://www.ietf.org/mailman/listinfo/shutup
