[Bimi] Re: Intentions for an IETF BIMI Working Group
"Murray S. Kucherawy" <superuser@gmail.com> Wed, 12 June 2024 02:38 UTC
Return-Path: <superuser@gmail.com>
X-Original-To: bimi@ietfa.amsl.com
Delivered-To: bimi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8D8DDC1D4CD2 for <bimi@ietfa.amsl.com>; Tue, 11 Jun 2024 19:38:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 99t1ZTG0ZD2f for <bimi@ietfa.amsl.com>; Tue, 11 Jun 2024 19:38:00 -0700 (PDT)
Received: from mail-ej1-x631.google.com (mail-ej1-x631.google.com [IPv6:2a00:1450:4864:20::631]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AABFCC14F6E8 for <bimi@ietf.org>; Tue, 11 Jun 2024 19:38:00 -0700 (PDT)
Received: by mail-ej1-x631.google.com with SMTP id a640c23a62f3a-a6e9e122232so31346666b.3 for <bimi@ietf.org>; Tue, 11 Jun 2024 19:38:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1718159878; x=1718764678; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=H9AfCT9Tfe4dzm64bI/dFp/yzSkvVlIVD7xUyQ0s2U0=; b=cu4yRAOibSs3im7Zs0iK5hTOFweOW7x74Coxu9YBpfw8kdfnHHVXmQB+yZ/5jIMRi7 TlFOfXlevAGpqSd/WGw3lvF9u7MnCOC6Ad+/P4pnLSSvo9S1TSMrytgnr1bSFDU1jAZR 3u49GhWfX69103eiYN2iuzxPvBxClYv4hlSaRnHYRWn2rru3Bkbacmp2alloYbf98pdh kXBSMVic+mKfuFnOhrRw+BMeOZ3UOlgAJWJpODThHy/zKXQw+sZHhJIfJwy4oSvUEduF ma1IPpGYffy86aMkf4GjCtY53r2+rUVmA7Q4h/tQC/+VOUUPbES2kPlnoDKevU5UiDep pvGw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1718159878; x=1718764678; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=H9AfCT9Tfe4dzm64bI/dFp/yzSkvVlIVD7xUyQ0s2U0=; b=OJ+pMnx5XmhKUavwr4M9fogBlPwrX0d6DP7t8M1WZug6s+JpPjQLx+d5wFo3BDrCxx 99LY10ptJfK1NwLOqOGv23judlc9GfWmc8r/pQhayAST/FuHUM32IbVzpe3+9j+4SXEx NgkE7M//aYG/5fAxAPimM+3lCkMy/YnZYFzetE1yQgPcQUVxMglBrEG3yWxphPJLrZoE nUOCtzlk4WXugM6vkh6zTtSCxewcbYMHN5UTQ6MmkRX4FZPorCJSgX3HxbkD/AbcEgzo UI2aNGemam4mlKugL48fi/LQ3tMUP+vIIHowJ/azvOhHYNczOSpxiADg+N4/lhAO8YEK YiPg==
X-Gm-Message-State: AOJu0YxSBKtHsYgNmFkoTaRtRocGiFnwrs4IOU9wPBjZFGqysupaCCD5 Am3zKQxsn3CrErzeZEXUfGqKLgUP9c8of9rOBehMQlKdyosBtpUDLO/bB2evfaxXggsi7GLlv/7 a9b127RrIpWjO1oqVy71VC2e3brLKwEoO
X-Google-Smtp-Source: AGHT+IFE8UIdLTxF8qGZ2OH+vAS4t3ZMl+HzlGwJHCkosA79FdCrNn9IGBSg5yC6z/jC/N8ZR24WI5ATwrDBEQPjFFk=
X-Received: by 2002:a17:907:7e9e:b0:a6f:316f:fac4 with SMTP id a640c23a62f3a-a6f47d4907dmr28335066b.3.1718159878030; Tue, 11 Jun 2024 19:37:58 -0700 (PDT)
MIME-Version: 1.0
References: <FDA3E6A9AF1318C54BB9FBD2@PSB> <CAL0qLwaNHUk5NWyVQuP1C2x3uiDnX7QVMuG_jtCaVfuxLrSY6w@mail.gmail.com> <CAOZAAfNkEZB9RDTcPn62nu+aw=HiOSHjMEvdGweRx-e474ByEA@mail.gmail.com>
In-Reply-To: <CAOZAAfNkEZB9RDTcPn62nu+aw=HiOSHjMEvdGweRx-e474ByEA@mail.gmail.com>
From: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Tue, 11 Jun 2024 19:37:45 -0700
Message-ID: <CAL0qLwZMdcNYsqDSVyEz9BWycX2todPvRTzHhwt0faNgO4CRSQ@mail.gmail.com>
To: Seth Blank <seth@valimail.com>
Content-Type: multipart/alternative; boundary="000000000000328ea4061aa845fb"
Message-ID-Hash: VCXMCYREETMCVWSOQLSSXGIEKOPNY2I6
X-Message-ID-Hash: VCXMCYREETMCVWSOQLSSXGIEKOPNY2I6
X-MailFrom: superuser@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: bimi@ietf.org
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [Bimi] Re: Intentions for an IETF BIMI Working Group
List-Id: Brand Indicators for Message Identification <bimi.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/bimi/TBDVrsB1K5iU1k_m6EppNU3zezM>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bimi>
List-Help: <mailto:bimi-request@ietf.org?subject=help>
List-Owner: <mailto:bimi-owner@ietf.org>
List-Post: <mailto:bimi@ietf.org>
List-Subscribe: <mailto:bimi-join@ietf.org>
List-Unsubscribe: <mailto:bimi-leave@ietf.org>
Well it's been a few weeks since Seth asked this question, and I was hoping others might provide their own perspectives before I replied. But none have appeared, so here goes: On Thu, May 16, 2024 at 4:18 PM Seth Blank <seth@valimail.com> wrote: > So, yes. We want this work to be done at the IETF. And we understand that > means it may change significantly. The charter of the AuthIndicators > Working Group is specifically designed to output a draft spec or specs that > will then be released freely to go through a public standards body process > with whatever changes those entail. > > Many conversations here have frankly felt like the intent is to pile on > with all the reasons BIMI won't work, and that no one personally wants > BIMI. If that's the pretext, we should shut this list down. > > However, if there's actually interest on this list in digging in and > solving these problems collaboratively, having a new BOF, and considering > chartering a working group, we may be ready to do that for 121. > > What's the productive path forward from here? > I guess that depends. I haven't really spoken to anyone about BIMI since that BoF, and I'm not privy to discussions that have taken place about it other than what we can see in the archive on this list. With that context in mind, here are my thoughts: I recall that the "B" in "BIMI" stands for "Brand" (https://bimigroup.org) which just sounds like something with a primarily commercial or advertising slant to it. I think that will put people off of working on a protocol in an open standards body where the outcome mainly benefits operators with a brand to protect; such a thing doesn't "make the Internet work better". For instance, the link I referenced above features a page where claims of logo placement and brand recognition dominate over things like user security, inter-operator trust, interoperability, efficiency, or any of the other things the IETF tends to care about advancing. A possible solution to this might be to isolate the security problems from those of presentation, so at least the pure security work will be separate from the "taint" of what appear to be purely commercial objectives. Perhaps that's the "come back when you have this" work to which you refer? What's the status of that? I also think that the IETF in general sees DMARC as a failure, despite the problem space it does solve, which started about ten years ago now and has not been cured. The workarounds are undesirable, and there's almost certainly some distrust as a result. As an IESG member, I know that it remains a recurring topic in management even after all this time. I think landing a win in terms of a standards track DMARC that reins in the earlier problems would go a long way to fixing this, but so far such a solution has proven elusive, and the energy to drive it appears to be waning. I would welcome the perspectives of other IETF participants who are also on this list. Have I got this wrong? Or are there other considerations? -MSK, ART AD
- Re: [Bimi] Possible security flaw in BIMI spec / … Stephen Farrell
- [Bimi] Re: Possible security flaw in BIMI spec / … John C Klensin
- [Bimi] Possible security flaw in BIMI spec / inte… Hanno Böck
- Re: [Bimi] Possible security flaw in BIMI spec / … Dave Crocker
- Re: [Bimi] Possible security flaw in BIMI spec / … J N
- Re: [Bimi] Possible security flaw in BIMI spec / … Dave Crocker
- Re: [Bimi] Possible security flaw in BIMI spec / … Dave Crocker
- Re: [Bimi] Possible security flaw in BIMI spec / … Brotman, Alex
- Re: [Bimi] Possible security flaw in BIMI spec / … Dave Crocker
- Re: [Bimi] Possible security flaw in BIMI spec / … Taavi Eomäe
- Re: [Bimi] Possible security flaw in BIMI spec / … Brotman, Alex
- [Bimi] Re: Possible security flaw in BIMI spec / … Dave Crocker
- [Bimi] Re: Possible security flaw in BIMI spec / … Taavi Eomäe
- [Bimi] Re: Possible security flaw in BIMI spec / … John C Klensin
- [Bimi] Re: Possible security flaw in BIMI spec / … Stephen Farrell
- [Bimi] Re: Possible security flaw in BIMI spec / … Taavi Eomäe
- [Bimi] Re: Possible security flaw in BIMI spec / … Murray S. Kucherawy
- [Bimi] Intentions for an IETF BIMI Working Group Seth Blank
- [Bimi] Re: Possible security flaw in BIMI spec / … Murray S. Kucherawy
- [Bimi] Re: Possible security flaw in BIMI spec / … Dave Crocker
- [Bimi] Re: Possible security flaw in BIMI spec / … Dave Crocker
- [Bimi] Re: Possible security flaw in BIMI spec / … Dave Crocker
- [Bimi] Re: Possible security flaw in BIMI spec / … Dave Crocker
- [Bimi] Re: Possible security flaw in BIMI spec / … Mauro De Gennaro
- [Bimi] Re: Possible security flaw in BIMI spec / … Dave Crocker
- [Bimi] Re: Possible security flaw in BIMI spec / … Mauro De Gennaro
- [Bimi] Re: Possible security flaw in BIMI spec / … Brotman, Alex
- [Bimi] Re: Possible security flaw in BIMI spec / … John C Klensin
- [Bimi] Re: Possible security flaw in BIMI spec / … Dave Crocker
- [Bimi] Re: Possible security flaw in BIMI spec / … Mauro De Gennaro
- [Bimi] Re: Possible security flaw in BIMI spec / … Mauro De Gennaro
- [Bimi] Re: Possible security flaw in BIMI spec / … Dave Crocker
- [Bimi] Re: Intentions for an IETF BIMI Working Gr… Murray S. Kucherawy
- [Bimi] Re: Intentions for an IETF BIMI Working Gr… John C Klensin
- [Bimi] Re: Intentions for an IETF BIMI Working Gr… Murray S. Kucherawy
- [Bimi] Re: Intentions for an IETF BIMI Working Gr… Wei Chuang
- [Bimi] Re: Intentions for an IETF BIMI Working Gr… Tim Hollebeek