Re: More thoughts on From: lines

[Len Sassaman <rabbi@abditum.com>]

On Wed, 26 Feb 2003, Michael Gurski wrote:

> Are there differences in MIME encoding for different MUAs, or just the
> content boundary delimiters?  If it's the latter, I can see a
> demime/remime (or just straight re-write) that could happen at the
> last hop.  It's probably not solvable if it's the former, at least
> with existing MUAs.

We discussed this at the BoF. Conclusion: all MIME header creation and
canonicalization must be done at the sending end.

> My opinion would be "warn the users that attachments could compromise
> their anonymity".

Further, and this is a nit at this point: warn them, and allow them to
permanently disable the warning. We need to balance warning users of the
risks, with scaring them away from the system to instead use a less-secure
system which doesn't warn at all.

> I suspect that a determined user will find some way to attach data,
> even if the system officially disallows attachments. In the world
> today, I don't think most people would be willing to use a system
> where they couldn't use attachments of some sort.

Agreed.

> I think if users are educated about the possible anonymity
> compromises, they can make their own decisions on the matter.  Instead
> of attaching v-cards, or Word docs that might have identifying info,
> the ones truly concerned would likely disable v-cards, and maybe
> print-and-scan, or export docs to text and attach those.  Or, as Peter
> mentioned elsewhere, track down tools to sanitize their documents
> before attaching.  But definitely, plugins or documentation should
> warn users that what they're doing might conceivably allow them to be
> traced.