Re: [Bimi] Today's BoF

Wei Chuang <weihaw@google.com> Thu, 04 April 2019 14:22 UTC

From: Wei Chuang <weihaw@google.com>
Date: Thu, 04 Apr 2019 07:22:04 -0700
Message-ID: <CAAFsWK00ggcu15O8nNXE2aHL2_dm6JyWGORct6sKY+-j9EK3_w@mail.gmail.com>
To: John C Klensin <john-ietf@jck.com>
Cc: John Levine <johnl@taugh.com>, bimi@ietf.org
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="0000000000004b54270585b519d5"
Archived-At: <https://mailarchive.ietf.org/arch/msg/bimi/SgFrtxn1NgpQl089CyyRKza-mcg>
Subject: Re: [Bimi] Today's BoF

*From: *John C Klensin <john-ietf@jck.com>
*Date: *Tue, Apr 2, 2019 at 2:03 PM
*To: *John Levine
*Cc: * <bimi@ietf.org>


>
> --On Tuesday, April 2, 2019 15:54 -0400 John Levine
> <johnl@taugh.com> wrote:
>
>
> ...

>
> >  I
> > gather that one of the gorillas accidentally made this mistake
> > in their informal logo collection system and a motivation for
> > bimi is to keep it from happening again.
>
> If one combines that sentence with the "Nobody is assuming..."
> one above, then a motivation for bimi is to cure (or prevent)
> stupidity.  Perhaps it will work this time, but the track record
> of other efforts to apply such cures has not been good.
>
> > Of course this returns us to the major question of whether it's
> > possible to invent an effective system to check bimi
> > applications.  I could invent one that involved a staff of
> > trademark lawyers, but I don't think anyone outside the S&P
> > 500 would find that usable.
>
> Indeed.
>

Agreed that VMC will have a significant coverage limitation since it uses
registered trademarks that enable 3rd party verification.  It's one that
we're trying to figure out how to expand and we're very much asking for
your help and for your ideas to expand that coverage.  VMC and its 3rd
party verification system is just one approach, and is a starting point for
BIMI because we think it is feasible to do in the near term, but we agree it's
not a complete solution.

I should point out, as has been alluded to in the above thread, that BIMI
also allows naked logos (meaning non-third-party verified) to be identified
by hash and fetched.  This depends even more heavily on reputation systems
to use safely, but it may allow many more of the use cases identified in the
overview draft 5.3-5.11.
https://tools.ietf.org/html/draft-bkl-bimi-overview-00
The theory for its usage is very much like the favicon approach on the web,
and yes this approach will run headlong into all the issues you pointed
out.  The choice of its usage is up to the receiver that is interested in
that flexibility and okay with the risk.

Along the notion of expanding coverage, I just also wanted to point out 3rd
party verification can work so long as what it tests is objective.  It might
not have to involve marks.  For example I would imagine a sender might be
associated with a place or person, and a photo of that place or person
could be reasonably verified.  Anyways we are looking for ideas to expand
coverage.

-Wei