Message Disposition Notification
RFC 8098
Note: This ballot was opened for revision 15 and is now closed.
Alvaro Retana No Objection
(Ben Campbell; former steering group member) Yes
Yes
( for -15)
No email
send info
send info
(Alia Atlas; former steering group member) No Objection
No Objection
(2016-11-29 for -15)
No email
send info
send info
Should the Media-Type registration go to the authors of the draft, as specified, or instead to the appsawg & eventually defaulting to the IESG?
(Alissa Cooper; former steering group member) No Objection
No Objection
(2016-11-30 for -15)
No email
send info
send info
Thanks for the good work to improve the privacy properties here. = Section 6.2 = "Disposition mode (Section 3.2.6.1) can leak information about recipient's MUA configuration, in particular whether MDNs are acknowledged manually or automatically. If this is a concern, MUAs can return "manual-action/MDN-sent-manually" disposition mode in generated MDNs." I see why this is here, but doesn't recommending falsifying these fields put their integrity in question whenever they are set to manual? I mean, why would recipients trust this information if the RFC actually suggests sending a field that lies about an MDN being automatically acknowledged? = Section 6.2.2 = "The "Reporting-UA" field (Section 3.2.1) might contain enough information to uniquely identify a specific device, usually when combined with other characteristics, particularly if the user agent sends excessive details about the user's system or extensions. However, the source of unique information that is least expected by users is proactive negotiation, including the Accept-Language header fields." I think the use of "However" is tripping me up here. Earlier in the document you have good recommendations about how to mitigate the risk of fingerprinting based on the Reporting-UA field. That guidance is valid regardless of whether other header fields might also contribute to fingerprinting or whether users would expect that (frankly, I don't see how user expectations are relevant here, since most users don't understand fingerprinting anyway). I think something along the following lines to replace the last sentence above would be more accurate: "Even when the guidance in Section 3.2.1 is followed to avoid fingerprinting, other sources of unique information may still be present, including the Accept-Language header fields."
(Benoît Claise; former steering group member) No Objection
No Objection
( for -15)
No email
send info
send info
(Deborah Brungard; former steering group member) No Objection
No Objection
( for -15)
No email
send info
send info
(Joel Jaeggli; former steering group member) No Objection
No Objection
( for -15)
No email
send info
send info
(Kathleen Moriarty; former steering group member) No Objection
No Objection
( for -15)
No email
send info
send info
(Mirja Kühlewind; former steering group member) No Objection
No Objection
( for -15)
No email
send info
send info
(Spencer Dawkins; former steering group member) No Objection
No Objection
( for -15)
No email
send info
send info
(Stephen Farrell; former steering group member) No Objection
No Objection
( for -15)
No email
send info
send info
(Suresh Krishnan; former steering group member) No Objection
No Objection
( for -15)
No email
send info
send info
(Terry Manderson; former steering group member) No Objection
No Objection
( for -15)
No email
send info
send info
(Alexey Melnikov; former steering group member) Recuse
Recuse
(2016-11-24 for -15)
No email
send info
send info
I am the editor.