IETF Logo Mail Archive

Re: [Bimi] (non)desire for bimi

Dave Crocker <dcrocker@gmail.com> Sat, 16 February 2019 17:03 UTC

Return-Path: <dcrocker@gmail.com>
X-Original-To: bimi@ietfa.amsl.com
Delivered-To: bimi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D8A38130F0B for <bimi@ietfa.amsl.com>; Sat, 16 Feb 2019 09:03:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n67OedKDPYeA for <bimi@ietfa.amsl.com>; Sat, 16 Feb 2019 09:03:26 -0800 (PST)
Received: from mail-ot1-x32b.google.com (mail-ot1-x32b.google.com [IPv6:2607:f8b0:4864:20::32b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 691CB130F06 for <bimi@ietf.org>; Sat, 16 Feb 2019 09:03:26 -0800 (PST)
Received: by mail-ot1-x32b.google.com with SMTP id v62so12951074otb.3 for <bimi@ietf.org>; Sat, 16 Feb 2019 09:03:26 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language:content-transfer-encoding; bh=kPg90ktIdiWNNcIceYbRN7bNsXexdG/JK+oS94M4Lf8=; b=NSTAwwct0Y1lL4m78kqyvzFoPVvkS1y+m7/zCmb+iDB4LKs8IFOy3Gf/Qqr6tJHIad S581aidcwaEYzOCtvt+b/2Th02YbVZfGNsCPk40DxDXvetoGPIbc6/jWYHw3Yo6UIy8N BDtOL8ltP9pFluaSoSAaW0qLAk8fN0kwrJ95+kpa5vb21Bu4Ycpn+XbXd7U+Ri6RU1ni Iii3T7OiB67Gqy+7VgzDe7iihfHceRUrSsHv4rNxt99bCHluFBlAhVkn5G6+tUZMPxAC qTrRfLOJqsoquXt6UbeCd5/LK/abzXcUCxsTZrgTMYc0KRQphR7wbyliTmO7SX3Z+t6g dKhw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=kPg90ktIdiWNNcIceYbRN7bNsXexdG/JK+oS94M4Lf8=; b=UfBQjGW2S7MOHa7L0C5YMMVsN0vFfmCWy9TkpFKbH9iVKHL6L7iYzGLMkoqrijvPFn AnZo/lh3Ru8R/PBl2DgzODxO0uzz1nIwppQKu3A7i4gh/9NTCJclLnqPAHfnwd6wG1V5 qvp4+SmleXXL9XeaqwAYhZURIAT4hTXsgsXGmZa8eXkgmXznsM9OhNd76M0IGoHd3gQX 3/8O/G+a6Iij7zEppmE4ZEKYjZNQWzmuwGcNZPtHZ47dnXWCV3abZnM8zcN9URm9ARNW omwhWNPsBIxUnXMf3cq4XC7j+TOhAVmuEFOZVMV1DeQqX7JoLGqLvxUfZ+1KB8O4tTDX 9N1A==
X-Gm-Message-State: AHQUAuZcjH+xarXayLGQb4zK+xac6Qr8jJIr+jVjzRABF9zHFIX0Id/a c65mSUoB7vJLdekHnBpgf/XfjWRk
X-Google-Smtp-Source: AHgI3IbfgcoWyUo0ofy9MkTb+DdqbVGp19ps3luYwWZDEmxOJhvM1sWzCnoECv/j9SLa8Vib3Td/TQ==
X-Received: by 2002:a54:4698:: with SMTP id k24mr8665032oic.37.1550336604979; Sat, 16 Feb 2019 09:03:24 -0800 (PST)
Received: from ?IPv6:2600:1700:a3a0:4c80:110e:5911:3998:b7de? ([2600:1700:a3a0:4c80:110e:5911:3998:b7de]) by smtp.gmail.com with ESMTPSA id h19sm3463735otr.34.2019.02.16.09.03.23 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 16 Feb 2019 09:03:23 -0800 (PST)
To: Marcel Becker <marcel.becker=40verizonmedia.com@dmarc.ietf.org>, bimi@ietf.org
References: <aa919aeb-caa1-6494-259d-a553b238c268@cs.tcd.ie> <3d9231e9-6936-cc02-000e-a4d7df919bb4@andreasschulze.de> <CAAYvrBvGediUY1W9PZ+JuS585Mk8wxLpFq7TZELSOF-NSp5CyQ@mail.gmail.com> <5c7a10e3-47a0-e84a-d78a-dea5c44fb2ae@dcrocker.net> <CAAYvrBumzJrj51VdOYEf_Tmo4X-MhvfuabWHb_p5embAe0uAow@mail.gmail.com>
From: Dave Crocker <dcrocker@gmail.com>
Message-ID: <0245cd12-2965-86ca-78e4-b3b1996e6efe@gmail.com>
Date: Sat, 16 Feb 2019 09:03:19 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.5.0
MIME-Version: 1.0
In-Reply-To: <CAAYvrBumzJrj51VdOYEf_Tmo4X-MhvfuabWHb_p5embAe0uAow@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/bimi/I8bq-IEsVDPAgkEA0QIE4JLb72c>
X-Mailman-Approved-At: Sat, 16 Feb 2019 09:11:20 -0800
Subject: Re: [Bimi] (non)desire for bimi
X-BeenThere: bimi@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Brand Indicators for Message Identification <bimi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bimi>, <mailto:bimi-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bimi/>
List-Post: <mailto:bimi@ietf.org>
List-Help: <mailto:bimi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bimi>, <mailto:bimi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 16 Feb 2019 17:03:29 -0000

On 2/16/2019 8:24 AM, Marcel Becker wrote:
> On Feb 16, 2019, at 08:11, Dave Crocker <dhc@dcrocker.net> wrote:
>> Except, of course, that it will not have that effect on users, because there is extensive experience demonstrating that users mostly do not learn or use such signals.
> 
> While I usually tend to agree with that statement it is — in that
> absolut form — not necessarily true. We know that, given time, users
> are quite capable of learning and using such signals. When
> specifically designed for that task.


In real life, for this kind of task, no, they aren't.

On the average, they don't have an adequate threat model, they do not 
understand the security mechanisms, and they do not allocate the 
necessary time and effort to making the real-time decision.

If you have evidence of average users making security-related decisions 
in real-time -- in the midst of boring, daily tasks -- please provide it.

d/

-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net

v2.23.0 | Report a Bug | By Email