Network Working Group                                          U. Koenig
Internet-Draft                                           J. Schallaboeck
Intended status: Experimental                Unabhaengiges Landeszentrum
Expires: December 9, 2012                              fuer Datenschutz
                                                      Schleswig-Holstein
                                                           June 07, 2012


                Privacy Preferences for E-Mail Messages
                       draft-koenig-privicons-04

Abstract

   This document proposes a syntax and semantics as an extension of the
   Internet Message Format (e-mail message) allowing a Sending User of
   an e-mail message to express his or her preference for how the
   message content is to be handled by the Receiving Users.  For this
   purpose, semantics of sets of different character combinations
   ("Privicons") are described.  These can syntactically be integrated
   either in the first-line of the body, in the subject line and/or in a
   dedicated header of any e-mail message.  The Privicons icon set
   consists of six different icons.  They will be machine-readable.  The
   Privicons concept is partly borrowing its approach from the concept
   of emoticons.  For example, to express that the content may be
   forwarded and even be published.  The Sending User could use the
   Privicon "[>]", which may be followed by an additional explanations,
   such as "please share".

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on December 9, 2012.

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the



Koenig & Schallaboeck   Expires December 9, 2012                [Page 1]


Internet-Draft                  Privicons                      June 2012


   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.








































Koenig & Schallaboeck   Expires December 9, 2012                [Page 2]


Internet-Draft                  Privicons                      June 2012


Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  4
     1.1.  Overview . . . . . . . . . . . . . . . . . . . . . . . . .  4
     1.2.  Relations to other standards . . . . . . . . . . . . . . .  4
     1.3.  Terminology and Conventions  . . . . . . . . . . . . . . .  5
   2.  Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . .  5
     2.1.  Definitions  . . . . . . . . . . . . . . . . . . . . . . .  6
     2.2.  First-Line(s) of Message body  . . . . . . . . . . . . . .  6
     2.3.  Subject Line . . . . . . . . . . . . . . . . . . . . . . .  7
     2.4.  Header . . . . . . . . . . . . . . . . . . . . . . . . . .  8
     2.5.  Footer . . . . . . . . . . . . . . . . . . . . . . . . . .  8
     2.6.  Authoritative or Parsing order - Conflicts . . . . . . . .  9
     2.7.  Syntax error . . . . . . . . . . . . . . . . . . . . . . .  9
     2.8.  HTML-Messages  . . . . . . . . . . . . . . . . . . . . . .  9
   3.  Semantics  . . . . . . . . . . . . . . . . . . . . . . . . . . 10
     3.1.  Privicons  . . . . . . . . . . . . . . . . . . . . . . . . 10
       3.1.1.  [X] Keep private . . . . . . . . . . . . . . . . . . . 10
       3.1.2.  [/] Don't print  . . . . . . . . . . . . . . . . . . . 10
       3.1.3.  [=] Delete after reading, I days or on date  . . . . . 10
       3.1.4.  [-] No attribution . . . . . . . . . . . . . . . . . . 10
       3.1.5.  [o] Keep internal  . . . . . . . . . . . . . . . . . . 11
       3.1.6.  [>] Please share . . . . . . . . . . . . . . . . . . . 11
     3.2.  Multiple Privicons . . . . . . . . . . . . . . . . . . . . 11
   4.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 12
   5.  Security Considerations  . . . . . . . . . . . . . . . . . . . 12
   6.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 12
   7.  Normative References . . . . . . . . . . . . . . . . . . . . . 12
   Appendix A.  Example e-mail message  . . . . . . . . . . . . . . . 13
   Appendix B.  Informative example requirements for e-mail
                message user agents . . . . . . . . . . . . . . . . . 14
     B.1.  User agent behaviour . . . . . . . . . . . . . . . . . . . 14
       B.1.1.  Terms  . . . . . . . . . . . . . . . . . . . . . . . . 14
       B.1.2.  [X] Keep secret  . . . . . . . . . . . . . . . . . . . 14
       B.1.3.  [/] Don't print  . . . . . . . . . . . . . . . . . . . 15
       B.1.4.  [=] Delete after reading, I days or on date  . . . . . 15
       B.1.5.  [-] No attribution . . . . . . . . . . . . . . . . . . 16
       B.1.6.  [o] Keep internal  . . . . . . . . . . . . . . . . . . 16
       B.1.7.  [>] Please share . . . . . . . . . . . . . . . . . . . 16
     B.2.  Confirmation/Affirmation of preferences  . . . . . . . . . 17
     B.3.  Transparency (OPTIONAL)  . . . . . . . . . . . . . . . . . 17
   Appendix C.  Graphical Representation of the State Machine . . . . 17
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 17








Koenig & Schallaboeck   Expires December 9, 2012                [Page 3]


Internet-Draft                  Privicons                      June 2012


1.  Introduction

1.1.  Overview

   Privicons describe a vocabulary of icons as an extension of the
   Internet Message Format (e-mail message) for users to indicate how
   their e-mail message should be treated.  The icons are based on ASCII
   symbols so that they can appear as embedded graphics or plain text
   and include a variety of instructions such as "don't print,"
   "internal use only," and "confidential".  It is partly borrowing its
   approach from the concept of emoticons.  For example to express, that
   the content can be forwarded and even be published, the Sending User
   could use the Privicon "[>]", which may be followed by an additional
   explanations, such as "please share".

   This document proposes a syntax (Section 2) and semantics (Section 3)
   allowing a Sending User of an e-mail message to express his or her
   preference for how the e-mail message content should be handled by
   the Receiving Users.  For this purpose, semantics of sets of
   different character combinations ("Privicons") are described.  These
   can syntactically be integrated either in the first-line of the body,
   in the subject line and/or in a dedicated header of any e-mail
   message.  The Privicons icon set has six different icons.  They will
   be machine-readable.

   Importantly, the user can override all requests transmitted by
   Privicons: The approach is grounded in reminder over hard-coded
   solutions that indiscriminately restrict speech.  Therefore, the
   icons are merely asking the Receiving User of an e-mail to follow the
   Sending User's preference.  Other than DRM oriented approaches,
   Privicons embraces the concept of code-based norms approach.  This
   means, that the approach relies on social norms to be followed by the
   Receiving User, rather than technical enforcement mechanisms.
   However, technical means may be used to support this (for example,
   specifications see example e-mail message (Appendix B)).

   Note: The specific character combinations for each Privicon is
   currently undergoing user testing, it therefore might and will most
   certainly change during the progression of this draft.

1.2.  Relations to other standards

   This specification extends [RFC5322] - Internet Message Format by
   defining certain syntax for the first-line(s) of the body, the
   subject line and an additional header field.






Koenig & Schallaboeck   Expires December 9, 2012                [Page 4]


Internet-Draft                  Privicons                      June 2012


1.3.  Terminology and Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

   o  The term "User Agent" (often also Mail User Agent, UA, MUA) is
      used as defined in Section-2.3.3 in [RFC5321]

   o  The terms "Sending User" and "Receiving User" are related to a
      user using the User Agent either sending or receiving an e-mail
      message.  A Sending User is a user that sends an e-mail message to
      a Receiving User.  A Receiving User is a user that receives an
      e-mail message from a Sending User.

   o  The term "Line" is used as defined by SMTP Section-2.3.8 in
      [RFC5322] thereof

   o  The term "full-date" is used as defined by Section-5.6 in
      [RFC3339].

   o  The term Privacy Preference describes the intention the user had
      when she has sent a specific e-mail message.  It can be expressed
      with the Privicons described in this RFC.


2.  Syntax

   In this section, the syntax if the Privicon e-mail extension is
   defined.  For semantics (Section 3), please see next section.  A User
   can indicate a Privacy Preference as lined out below in the following
   ways:

   o  by making available selection of the Privicons, which SHOULD be
      provided by the user agent,

   o  by inserting a Privicon in the subject line - by inserting a
      Privicon in the first-line of the body.

   An e-mail message fully compliant with this RFC will be called a
   Privicon Message, it

   o  MUST contain a header (Section 2.4) with Privacy Preferences,

   o  SHOULD contain subject (Section 2.3) with Privicon,

   o  SHOULD have first-line (Section 2.2) and footer (Section 2.5)




Koenig & Schallaboeck   Expires December 9, 2012                [Page 5]


Internet-Draft                  Privicons                      June 2012


   o  and MAY generate an HTML version.

   The following section describes how the Privicon status of an e-mail
   message is determined, concerning the privacy preferences described
   in Overview (Section 1.1)

2.1.  Definitions

   element1 | element2  Elements separated by a bar ("|") are
      alternatives, e.g., "yes | no" will accept yes or no.

   "literal"  Quotation marks surround literal text.  Unless stated
      otherwise, the text is case-insensitive.

   whitespace  " "

   whatever  Some arbitrary text.

   date  Will be substituted by a "full-date", [RFC3339].

   privicon  =
      ("[X]"|"[/]"|"[=]"|"[=0]"|"[=I]"|"[=date]"|"[-]"|"[o]"|"[>]") -
      the Privicon token.  It contains all valid Privicons, the Privicon
      icon set.

   I  I will be substituted by an integer number >= 0.

   description  Contains the description of the Privicon as defined in
      Semantics (Section 3).

   subject  Is the e-mail message subject field, see [RFC5322].

   CRLF  Is the carriage return/line feed pair written in this document
      as "CRLF".  A line is a series of characters that is delimited
      with the two characters carriage-return and line-feed; that is,
      the carriage return (CR) character (ASCII value 13) followed
      immediately by the line feed (LF) character (ASCII value 10), as
      described in section2.1 in [RFC5322]

2.2.  First-Line(s) of Message body

   An indication of the Privacy Preference can be given in the first
   line of the body of an e-mail message.

   The expression MUST be followed by a text giving a short explanation
   the meaning of the expressions.  It is RECOMMENDED to use the
   following text, although localization into other languages is also
   encouraged, albeit not lined out in this document.



Koenig & Schallaboeck   Expires December 9, 2012                [Page 6]


Internet-Draft                  Privicons                      June 2012


   firstLine  = privicon whitespace "-" whitespace description

   For example:

      [X] - Keep private

      [/] - Don't print

      [=] - Delete after reading

      [=0] - Delete after reading

      [=I] - Delete after I days

      [=date] - Delete on date

      [-] - No attribution

      [o] - Keep internal

      [>] - Please share

   After the first-line, a second line, with an additional privacy
   preference may follow if the combination (Section 3.2) is permitted.

2.3.  Subject Line

   An indication of the Privacy Preference can be given in the beginning
   of a subject line of an e-mail message using the following
   expression:

      privicon whitespace subject

   or

      whatever whitespace privicon whitespace subject

   For example:

      [X] This is the subject of the e-mail message

      [/] This is the subject of the e-mail message

      [=] This is the subject of the e-mail message







Koenig & Schallaboeck   Expires December 9, 2012                [Page 7]


Internet-Draft                  Privicons                      June 2012


      [=4] This is the subject of the e-mail message

      [=1980-01-01] This is the subject of the e-mail message

      [-] This is the subject of the e-mail message

      [o] This is the subject of the e-mail message

      [>] This is the subject of the e-mail message

   or

      Re: [X] This is the subject of the e-mail message

      Fwd: [/] This is the subject of the e-mail message

2.4.  Header

   An indication of the Privacy Preference MAY be given in the header of
   an e-mail message, for this purpose the following field is defined,
   extending in section 3.6 in [RFC5322] the field definition, thereof.

   priviconfield  = "Privicon:" whitespace privicon CRLF

   The possible values of the Privicon token are described in
   Definitions (Section 2.1)

2.5.  Footer

   Separated by --

   The Footer MAY be located within the signature as described in
   section 4.3 in [RFC3676] .  It contains a paragraph that describes
   what the Sending User of the e-mail message intended when she chooses
   the selected Privicon.

   A clarification MAY be added that a conflict between header and
   first-line would lead to the first-line to be authoritative.

   footer  = CRLF "-- " CRLF footertext

   footertext  = firstLine CRLF description

   For example:







Koenig & Schallaboeck   Expires December 9, 2012                [Page 8]


Internet-Draft                  Privicons                      June 2012


      --

      [X] - Keep private

      The "Keep secret" Privicon asks the Receiving User to keep the
      received e-mail message secret.

   Note: Footnote may violates [RFC1855] Page4 - do not use more than 4
   lines signature.

   The Footnote is just informative not authoritative

2.6.  Authoritative or Parsing order - Conflicts

   When parsed, the authoritative order of the different elements is as
   follows:

   1.  first-line in body (Section 2.2)

   2.  subject (Section 2.3)

   3.  header (Section 2.4)

   If only one Privicon is found, it has always the same meaning, no
   matter if it is defined in first-line in body, subject or header.

2.7.  Syntax error

   After syntax error, the most restrictive case is assumed.

   For example "Delete after ??? days" will be transformed into "Delete
   immediately")

2.8.  HTML-Messages

   In HTML-Messages, the "Privicon" are OPTIONAL represented with
   graphical icons.  Example icons can be found in Annex.  Embedded
   icons MUST be included into the Message and MUST NOT be loaded from
   an Internet Server.  This is important avoid a loss of privacy for
   the receiving user.  It also causes in some cases problems with SSL-
   Encryption in web based e-mail message user agents (MUA).

   The graphical representation MUST contain the ASCII-Icon as
   Alternate-Text.

   If the "Privicon" is included in the First Line of Body, the
   "description" MUST also be displayed in next to the Privicon.




Koenig & Schallaboeck   Expires December 9, 2012                [Page 9]


Internet-Draft                  Privicons                      June 2012


3.  Semantics

3.1.  Privicons

   The Privicons icon set has six different icons.  The meaning of the
   icons will be described in this section.  It is important, that
   Privicons always just meant to be a nice way of asking somebody to do
   something.

3.1.1.  [X] Keep private

   The "Keep private" Privicon asks the Receiving User to keep the
   received e-mail message private.

3.1.2.  [/] Don't print

   The "Don't print" Privicon asks the Receiving User to not print the
   received e-mail message.

3.1.3.  [=] Delete after reading, I days or on date

   The "Delete after reading/I days" Privicon asks the Receiving User to
   delete the e-mail message no later than a specified period.  There
   are four different cases:

   1.  [=] delete after reading

   2.  [=0] delete after reading

   3.  [=I] delete after I days

   4.  [=date] delete on date

   "I" and "date" are defined in Terminology and Conventions
   (Section 1.3).

3.1.4.  [-] No attribution

   The "No attribution" Privicon asks the Receiving User to not
   attribute, name or mention the original Sending User of the e-mail
   message in any kind.  At the same time the Receiving User may quote,
   follow or paraphrase the content, facts and opinions voiced in the
   original e-mail message.  In other words, the Receiving User is free
   to use the information received, but neither the identity nor the
   affiliation of the Sending User may be revealed.






Koenig & Schallaboeck   Expires December 9, 2012               [Page 10]


Internet-Draft                  Privicons                      June 2012


3.1.5.  [o] Keep internal

   The "Keep internal" Privicon asks the Receiving User to present this
   e-mail message only to those people that are common friends, or
   otherwise part of a group of people are in a relation to both the
   Sending User and the Receiving User.  Note that the judgement,
   whether a person belongs to this group is solely upon the Receiving
   User unless otherwise indicated by the Sending User.  The "Keep
   internal" just indicates, that a Receiving User SHOULD give some
   further thought on which she is sending the e-mail message to, and
   that the Sending User does not want the e-mail message to be
   forwarded arbitrarily.

3.1.6.  [>] Please share

   The "Please share" Privicon asks the Receiving User to share this
   e-mail message with everyone, as she likes.  It may be supplemented
   by further instructions on licensing for clarifying the copyright
   status.

3.2.  Multiple Privicons

   Possible:  Y

   Impossible:  N

   Does not apply:  X

   As secondary option, potentially, and if first preference is
   overruled:

                +-----+-----+-----+-----+-----+-----+-----+
                |     | [X] | [/] | [=] | [-] | [o] | [>] |
                +-----+-----+-----+-----+-----+-----+-----+
                | [X] |  X  |  Y  |  Y  |  N  |  N  |  N  |
                | [/] |  Y  |  X  |  Y  |  Y  |  Y  |  Y  |
                | [=] |  Y  |  Y  |  X  |  Y  |  Y  |  N  |
                | [-] |  N  |  Y  |  Y  |  X  |  Y  |  Y  |
                | [o] |  N  |  N  |  Y  |  Y  |  X  |  N  |
                | [>] |  N  |  Y  |  N  |  Y  |  N  |  X  |
                +-----+-----+-----+-----+-----+-----+-----+

             Table 1: Matrix of all combinations of Privicons.








Koenig & Schallaboeck   Expires December 9, 2012               [Page 11]


Internet-Draft                  Privicons                      June 2012


4.  IANA Considerations

   This document introduces a new field in the e-mail header, as
   described in the header (Section 2.4) section.


5.  Security Considerations

   The extensions to the e-mail message Format described in this
   document does not change the fundamental nature of the SMTP service
   and hence does not create any new security exposures in and of
   itself.


6.  Acknowledgements

   In alphabetical order:

      Andreas M. Braendhaugen, Designer, San Francisco

      Laurent Bussard, European Microsoft Innovation Center

      Ryan Calo, Stanford University

      Alissa Cooper, Oxford Internet Institute

      Ethan Forrest, Stanford University

      Marit Hansen, Unabhaengiges Landeszentrum fuer Datenschutz
      Schleswig-Holstein

      Alexey Melnikov, Isode

      Ulrich Pinsdorf, European Microsoft Innovation Center

      Thomas Roessler, W3C

      Max Senges, Google Inc.

      Hannes Tschofenig, Nokia Siemens Networks


7.  Normative References

   [RFC1855]  Hambridge, S., "Netiquette Guidelines", RFC 1855,
              October 1995.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate



Koenig & Schallaboeck   Expires December 9, 2012               [Page 12]


Internet-Draft                  Privicons                      June 2012


              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC3339]  Klyne, G., Ed. and C. Newman, "Date and Time on the
              Internet: Timestamps", RFC 3339, July 2002.

   [RFC3461]  Moore, K., "Simple Mail Transfer Protocol (SMTP) Service
              Extension for Delivery Status Notifications (DSNs)",
              RFC 3461, January 2003.

   [RFC3676]  Gellens, R., "The Text/Plain Format and DelSp Parameters",
              RFC 3676, February 2004.

   [RFC5321]  Klensin, J., "Simple Mail Transfer Protocol", RFC 5321,
              October 2008.

   [RFC5322]  Resnick, P., Ed., "Internet Message Format", RFC 5322,
              October 2008.


Appendix A.  Example e-mail message

   This is an example Privicon e-mail message (Figure 1).

     Message-ID: <4C3203D3.60109@ulikoenig.com>
     Date: Mon, 05 Jul 2010 23:59:00 +0200
     From: Ulrich Koenig <rfc@ulikoenig.com>
     To: Jan Schallaboeck <uld62@datenschutzzentrum.de>
     Subject: [>] last update for Privicons RFC
     Privicon: [>]
     Content-Type: text/plain; charset=ISO-8859-15
     Content-Transfer-Encoding: quoted-printable
     [>] Please share

     Hey Jan,

     please check the IETF Website for our Privicons RFC! ;)

     best Ulrich

     --=20
     [>] Please share
     The "Please share" Privicon asks the Receiving User to share this
     e-mail message with everyone she likes.

          Figure 1: Example of an e-mail message using a Privicon






Koenig & Schallaboeck   Expires December 9, 2012               [Page 13]


Internet-Draft                  Privicons                      June 2012


Appendix B.  Informative example requirements for e-mail message user
             agents

B.1.  User agent behaviour

   This section gives developers of e-mail message user agents (MUA) or
   plug-ins for MUAs instructions how to integrate the Privicons in the
   client.

   An MUA implementing this RFC MUST enable the user at any time to
   overrule the received Privicon.  The user SHOULD also be able to set
   a default for always overruling in her client.  The rest of the
   instructions in this section are OPTIONAL.

   If the user agent displays an e-mail message that contains one or
   more Privicons it SHOULD display the icon and its meaning in a
   salient way.  If the icon is displayed by the user agent it MAY hide
   the Privicon in Subject and Body of the e-mail message.  The user
   agent MAY localise the explaining text.

B.1.1.  Terms

   confirm  A confirm pop-up or any other visible notion that yields
      active interaction by the user (i.e. clicking a button).  The user
      SHOULD be able to disable a part or all confirmations.

   inform  A pop-up, or any other visible notion, that SHOULD yield
      confirmation.  Such notification SHOULD be enabled by default.
      The user SHOULD be able to disable the notification by default.

B.1.2.  [X] Keep secret

   The "Keep private" Privicon asks the Receiving User to keep the
   received e-mail message secret.

B.1.2.1.  EVENT: Forward/Reply to third Person

   If the Receiving User wants to forward or reply-to the e-mail message
   to a third person, that is not the original Sending User, than the
   Receiving User MUST be informed, that she is going to violate the
   included Privicon and she MUST confirm that she is willing to do this
   before the e-mail message is sent.

   OPTIONAL: Transparency (Appendix B.3) applies.







Koenig & Schallaboeck   Expires December 9, 2012               [Page 14]


Internet-Draft                  Privicons                      June 2012


B.1.3.  [/] Don't print

B.1.3.1.  EVENT: Printing e-mail message

   If the Receiving User wants to print the e-mail message, she MUST be
   informed that she is going to violate the included Privicon and she
   MUST confirm that she is willing to do this before printing is
   started.

B.1.4.  [=] Delete after reading, I days or on date

B.1.4.1.  EVENT: Closing Mail

   If the Receiving User closes the e-mail message, she MUST be
   informed, that the e-mail message SHOULD be deleted after X days.

   The user MUST confirm whenever she closes the e-mail message, hat the
   e-mail message is deleted immediately.

   The client SHOULD enable the user to choose a default option.

   Note: if e-mail messages are displayed in list mode, then the
   confirmation will be raised, when opening the next e-mail message.

B.1.4.1.1.  Option a) delete after reading

   The above confirmation MUST ask the user, whether

   o  ignore, do not decide now, ask me again next time,

   o  delete or move into a "to be deleted" folder, as indicated in the
      preferences or

   o  ask again after a specified period.

B.1.4.1.2.  Option b) delete after X days

   The above confirmation MUST ask the user, whether

   o  ignore, do not decide now, ask me again next time,

   o  delete now,

   o  delete after X days automatically or

   o  ask me in X days.





Koenig & Schallaboeck   Expires December 9, 2012               [Page 15]


Internet-Draft                  Privicons                      June 2012


B.1.4.1.3.  Option c) delete on date

   The above confirmation MUST ask the user, whether

   o  ignore, do not decide now, ask me again next time,

   o  delete now,

   o  delete on date automatically or

   o  ask me on date.

B.1.5.  [-] No attribution

B.1.5.1.  EVENT: reply, forward, store

   If the Receiving User wants to forward or reply to a third person or
   store the e-mail message, she MUST be informed, that the Sending User
   doesn't want to be mentioned and MUST confirm that she is willing to
   overrule the Sending Users wish or remove any occurrence of the
   Sending User in the e-mail message (Header and Body).  The removal of
   the Sending User MAY be done by the user agent automatically.

   OPTIONAL: Transparency (Appendix B.3) applies.

B.1.6.  [o] Keep internal

   If the Receiving User has defined what "internal" means to her, the
   following rules in the "Keep internal" subsection only apply if at
   least one of the Receiving Users are not part of her internal
   definition.

   If the Receiving User wants to forward or reply the e-mail message to
   a third person, the user MUST be informed that she SHOULD check if
   the third person is really part of the group that the Sending User
   intended to be internal and MUST confirm that she really to send this
   e-mail message.

   OPTIONAL: Transparency (Appendix B.3) applies.

B.1.7.  [>] Please share

   The client SHOULD notice the user, that the content of the e-mail
   message can be published.  If the Sending User has transmitted a
   license for publishing the content, it SHOULD also be displayed.






Koenig & Schallaboeck   Expires December 9, 2012               [Page 16]


Internet-Draft                  Privicons                      June 2012


B.2.  Confirmation/Affirmation of preferences

   Note this may be for further versions, but might yield legal
   implications: Before opening the e-mail message containing a
   Privicon, the User Agent SHOULD inform the user what the user is
   asked to do with the option to reject the e-mail message.  To reject
   an e-mail message means the Sending User is notified, that the e-mail
   message is rejected and has been deleted at User Agent's side before
   reading.  Not to reject the e-mail message does not mean, that the
   receiving user accepts the requested conditions, see [RFC3461].

B.3.  Transparency (OPTIONAL)

   If a Receiving User forwards or replies an e-mail message containing
   a Privicon to a third person, the original Sending User OPTIONAL get
   a copy via carbon copy or a blind carbon copy by default.  The
   Receiving User MUST be able overrule this.  She also SHOULD be able
   to disable the default sending of a copy in the user preferences.


Appendix C.  Graphical Representation of the State Machine

   There is a graphical representation of the Privicons, that MAY be
   used by MUAs, see Figure (Figure 2).

   In the PS/PDF version of this specification, the
   graphical representation of the Privicons can be
   found here.

           Figure 2: Graphical representation of the Privicons.


Authors' Addresses

   Ulrich Koenig
   Unabhaengiges Landeszentrum fuer Datenschutz Schleswig-Holstein
   Duesternbrooker Weg 70
   Kiel, Schleswig-Holstein  24105
   Germany

   Phone: +49-431-988-1220
   Fax:   +49-431-988-1223
   Email: rfc@ulikoenig.com
   URI:   https://www.datenschutzzentrum.de







Koenig & Schallaboeck   Expires December 9, 2012               [Page 17]


Internet-Draft                  Privicons                      June 2012


   Jan Schallaboeck
   Unabhaengiges Landeszentrum fuer Datenschutz Schleswig-Holstein
   Holstenstr. 98
   Kiel, Schleswig-Holstein  24103
   Germany

   Phone: +49-431-988-1220
   Fax:   +49-431-988-1223
   Email: uld62@datenschutzzentrum.de
   URI:   https://www.datenschutzzentrum.de









































Koenig & Schallaboeck   Expires December 9, 2012               [Page 18]