Re: Confidentiality notices on email messages

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/14/2011 08:28 AM, Alessandro Vesely wrote:
> On 14/Jul/11 03:48, John Levine wrote:
>>> Yes, and perhaps disclaimers/confidentiality notices should be
>>> standardized with their own MIME type to make automatic processing
>>> easier so receivers of this kind of notice (mailing-list or other)
>>> can respect the wishes of the sender.
>>
>> That respect would of course be demonstrated by rejecting or
>> discarding the mail unread, to avoid any possibility that it could
>> fall into the wrong hands.
> 
> Yes, with the possible exception of recipients deploying a Treacherous
> Computing environment that includes checks against forwarding or
> replying with non fair use quotations of confidential messages.
> 
>> PS: Perhaps I should propose a revised RFC 5617 adding dkim=confidential.
> 
> One can sign the "Sensitivity" header field defined by RFC 2156.  It
> can have the values "Personal" / "Private" / "Company-Confidential".
> 
> However, I received some messages bearing a confidentiality notice but
> missing this field entirely.  Even the TC system above could hardly
> cope with such inconsistent settings.

1. If an email received contains a Sensitivity header with Confidential, Private
or Personal, the email is rejected.

2. Else, with techniques similar to spam filtering, a process can then test if
the email may contain a legal notice (perhaps SpamAssassin can be configured to
do this - I am not a specialist).  If such a notice is detected, and there is no
Sensitivity header, the email is bounced back with a text similar to this:

"We automatically detected that your email may contain a legal notice, but we
have no way to be sure that this notice is compliant with our rules, but we
cannot take the legal risk to accept it against the wishes of your employer.
Please contact your IT department and ask them to add a Sensitivity header to the
emails sent by your organization, which should be even easier than adding the
legal notice."

3. Else, if a notice is detected and there is a Sensitivity=public header, then
the email is accepted.

4. Else, if no notice is detected, the email is accepted.


> Do notices still retain any
> legal value in such cases?

- -- 
Marc Petit-Huguenin
Personal email: marc@xxxxxxxxxxxxxxxxxx
Professional email: petithug@xxxxxxx
Blog: http://blog.marc.petit-huguenin.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk4fHPUACgkQ9RoMZyVa61f1HwCcDCWWIade84CPrOGglYUOS5Jk
UPMAn0eETDcMfjPq6do1Jb92eWGud+ls
=dlvr
-----END PGP SIGNATURE-----
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
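
The four-step triage proposed in the message above, sketched as an added example that is not part of the original post or of any list software. The function names, the notice-detection patterns and the sample messages are constructed for illustration, and bouncing a notice that carries an unrecognised Sensitivity value is an assumption the post does not cover.

```python
import re
from email import message_from_string, policy

# Step 1 values: RFC 2156 defines Personal / Private / Company-Confidential;
# the post also names plain "Confidential".
RESTRICTED = {"personal", "private", "company-confidential", "confidential"}

# Constructed phrases standing in for spam-filter-style notice detection.
NOTICE_RE = re.compile(
    r"\bconfidential(ity)?\b.{0,80}\b(intended|recipient|privileged)\b"
    r"|\bintended (solely|only) for\b"
    r"|\breceived this (e-?mail|message) in error\b",
    re.I | re.S,
)

def has_notice(msg):
    """Heuristic check of every text/plain part for a legal notice."""
    text = "\n".join(part.get_content() for part in msg.walk()
                     if part.get_content_type() == "text/plain")
    return bool(NOTICE_RE.search(text))

def triage(raw):
    """Return 'reject', 'bounce' or 'accept' for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    # A message may carry the field more than once; any restricted value wins.
    values = {str(v).strip().lower() for v in msg.get_all("Sensitivity", [])}
    if values & RESTRICTED:
        return "reject"   # step 1
    if not has_notice(msg):
        return "accept"   # step 4
    if values == {"public"}:
        return "accept"   # step 3
    # Step 2 (notice, no header). Assumption: a notice with an unrecognised
    # Sensitivity value is bounced too, which the post does not cover.
    return "bounce"

# Constructed sample messages.
NOTICE = "This e-mail is confidential and intended solely for the addressee.\n"
SAMPLES = {
    "restricted": "Sensitivity: Company-Confidential\nSubject: a\n\nHello.\n",
    "notice_only": "Subject: b\n\nHello.\n" + NOTICE,
    "notice_public": "Sensitivity: public\nSubject: c\n\nHello.\n" + NOTICE,
    "plain": "Subject: d\n\nSee you at the meeting.\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", triage(raw))
```

The header check runs before any body inspection, so a message marked with a restricted value is rejected whether or not it also carries a notice.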

