| draft-ietf-marf-redaction-06.txt | draft-ietf-marf-redaction.txt | |||
|---|---|---|---|---|
| MARF Working Group J. Falk, Ed. | MARF Working Group J. Falk, Ed. | |||
| Internet-Draft Return Path | Internet-Draft Return Path | |||
| Intended status: Standards Track M. Kucherawy, Ed. | Intended status: Standards Track M. Kucherawy, Ed. | |||
| Expires: July 26, 2012 Cloudmark | Expires: July 26, 2012 Cloudmark | |||
| January 23, 2012 | January 23, 2012 | |||
| Redaction of Potentially Sensitive Data from Mail Abuse Reports | Redaction of Potentially Sensitive Data from Mail Abuse Reports | |||
| draft-ietf-marf-redaction-06 | draft-ietf-marf-redaction-07 | |||
| Abstract | Abstract | |||
| Email messages often contain information that might be considered | Email messages often contain information that might be considered | |||
| private or sensitive, per either regulation or social norms. When | private or sensitive, per either regulation or social norms. When | |||
| such a message becomes the subject of a report intended to be shared | such a message becomes the subject of a report intended to be shared | |||
| with other entities, the report generator may wish to redact or elide | with other entities, the report generator may wish to redact or elide | |||
| the sensitive portions of the message. This memo suggests one method | the sensitive portions of the message. This memo suggests one method | |||
| for doing so effectively. | for doing so effectively. | |||
| skipping to change at page 4, line 7 | skipping to change at page 4, line 7 | |||
| 1. Select a transformation mechanism (see Section 3) that is | 1. Select a transformation mechanism (see Section 3) that is | |||
| consistent (i.e., the same input string produces the same output | consistent (i.e., the same input string produces the same output | |||
| each time) and reasonably collision-resistant (i.e., two | each time) and reasonably collision-resistant (i.e., two | |||
| different inputs are unlikely to produce the same output). | different inputs are unlikely to produce the same output). | |||
| 2. Identify string(s) (such as local-parts of email addresses) in a | 2. Identify string(s) (such as local-parts of email addresses) in a | |||
| message that need to be redacted. Call these strings the | message that need to be redacted. Call these strings the | |||
| "private data". | "private data". | |||
| 3. For each piece of private data, apply the selected transformation | 3. For each piece of private data, apply the selected transformation | |||
| mechanism. | mechanism. | |||
| 4. If the output of the transformation contains bytes that are not | 4. If the output of the transformation can contain bytes that are | |||
| printable ASCII, or if the output includes characters not | not printable ASCII, or if the output can include characters not | |||
| appropriate to replace the private date directly, encode the | appropriate to replace the private data directly, encode the | |||
| output with the base64 algorithm as defined in Section 4 of | output with the base64 algorithm as defined in Section 4 of | |||
| [BASE64], or some similar translation to a form valid replacement | [BASE64], or some similar translation to a form valid replacement | |||
| in the original context. For example, replacing a local-part in | in the original context. For example, replacing a local-part in | |||
| an email address with transformation output containing an "@" | an email address with transformation output containing an "@" | |||
| character (ASCII 0x40) or a space character (ASCII 0x20) is not | character (ASCII 0x40) or a space character (ASCII 0x20) is not | |||
| permitted by the specification for local-part ([SMTP]), so the | permitted by the specification for local-part ([SMTP]), so the | |||
| transformation output needs to be encoded as described. | transformation output needs to be encoded as described. | |||
| 5. Replace each instance of private data with the corresponding | 5. Replace each instance of private data with the corresponding | |||
| (possibly encoded) transformation when generating the report. | (possibly encoded) transformation when generating the report. | |||
| Note that the replaced text could also be in a context that has | ||||
| constraints such as length limits that need to be observed. | ||||
| This has the effect of obscuring the data (in a potentially | This has the effect of obscuring the data (in a potentially | |||
| irreversible way) while still allowing the report recipient to | irreversible way) while still allowing the report recipient to | |||
| observe that numerous reports are about one particular end user. | observe that numerous reports are about one particular end user. | |||
| Such detection enables the receiver to prioritize its reactions based | Such detection enables the receiver to prioritize its reactions based | |||
| on problems that appear to be focused on specific end users that may | on problems that appear to be focused on specific end users that may | |||
| be under attack. | be under attack. | |||
| 3. Transformation Mechanisms | 3. Transformation Mechanisms | |||
| End of changes. 3 change blocks. | ||||
| 4 lines changed or deleted | 6 lines changed or added | |||
This html diff was produced by rfcdiff 1.33. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||