[Bimi] Forest vs. Trees
Dave Crocker <dhc@dcrocker.net> Mon, 11 February 2019 15:29 UTC
Return-Path: <dhc@dcrocker.net>
X-Original-To: bimi@ietfa.amsl.com
Delivered-To: bimi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A9A59128B33 for <bimi@ietfa.amsl.com>; Mon, 11 Feb 2019 07:29:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=dcrocker.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VDgQbJwjMDQa for <bimi@ietfa.amsl.com>; Mon, 11 Feb 2019 07:29:09 -0800 (PST)
Received: from simon.songbird.com (simon.songbird.com [72.52.113.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 33B2B126F72 for <bimi@ietf.org>; Mon, 11 Feb 2019 07:29:09 -0800 (PST)
Received: from [192.168.1.168] (76-218-8-128.lightspeed.sntcca.sbcglobal.net [76.218.8.128]) (authenticated bits=0) by simon.songbird.com (8.14.4/8.14.4/Debian-4.1ubuntu1.1) with ESMTP id x1BFUUbn013879 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT) for <bimi@ietf.org>; Mon, 11 Feb 2019 07:30:30 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=dcrocker.net; s=default; t=1549899030; bh=oxZOZorZKO2c+b0PGgu7rCZjX0xKY+U8FdbFTnIJM4M=; h=Reply-To:Subject:To:References:From:Date:In-Reply-To:From; b=jZlSHfKupmXdLFFfuJVlKtFBPo4dW5Lr4GNXviSz3l2wxaHkdk3McX8KL5gCJVjvZ a6DbymCwbd13570FVbVL4r/DEu2mMzAV4MPXQ/sS92hpjzFHR8hJzQALvzxUMwG4aV KjeO5khhBFcid0t/OxmaaS7gY9LNxN1J7mFRzwX4=
Reply-To: dcrocker@bbiw.net
To: bimi@ietf.org
References: <alpine.OSX.2.21.1902102338460.11704@ary.qy>
From: Dave Crocker <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
Message-ID: <5f0a62d9-b7c4-e6e0-7823-3723aa5cba32@dcrocker.net>
Date: Mon, 11 Feb 2019 07:29:02 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.5.0
MIME-Version: 1.0
In-Reply-To: <alpine.OSX.2.21.1902102338460.11704@ary.qy>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/bimi/UVyUbyFnsWGXdoqbxznaI5uRmck>
Subject: [Bimi] Forest vs. Trees
X-BeenThere: bimi@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Brand Indicators for Message Identification <bimi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bimi>, <mailto:bimi-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bimi/>
List-Post: <mailto:bimi@ietf.org>
List-Help: <mailto:bimi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bimi>, <mailto:bimi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Feb 2019 15:29:12 -0000
Folks, BIMI sits at the crossroads of challenging security and usability (human factors) issues. It is far too easy to take the collection of submitted drafts and focus on their many details, without first establishing the basic functional goals and issues, design goals and issues, and operational goals and issues. For all of the text that has been submitted, what is first needed is a document that discusses these at a level that allows meaningful consideration of its conceptual and operational foundations, so as to establish what aspects of BIMI are clear, well understood and tractable, vs. what aspects are not, and how the latter can reasonably be resolved. Of course, the submitted drafts do contain some text tailored to this level of discussion, but only as an adjunct to the extensive detail in the specifications. Hence they contain basic descriptions and assertions, but lack necessary detail and substantiation. Merely by way of example, the opening sentence in the Abstract of draft-blank-ietf-bimi-00 says: > Brand Indicators for Message Identification (BIMI) permits Domain > Owners to coordinate with Mail User Agents (MUAs) to display brand- > specific Indicators next to properly authenticated messages. So the principal actors are domain owners and MUAs? That's probably not quite right, since there is reference to brands, without clarifying the relationship between brands and domain owners. (What's intended is pretty obvious but actually needs extensive discussion, as John L's note from last night exemplifies.) And then there's "properly authenticated messages" which is reasonable if the nature of "properly authenticated" is well understood, but which is we regularly see is highly problematic for an average reader who will think that the phrase means far more than it actually does. Again, this is just an example. Other summary text in the drafts invites similar concerns. I strongly suggest collecting and developing such language into a separate, coherent concepts and facilities draft, so that discussion can focus on the BIMI forest, before inspecting its trees. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net
- [Bimi] Where do the signed certificates come from? John R Levine
- Re: [Bimi] Where do the signed certificates come … Wei Chuang
- Re: [Bimi] Where do the signed certificates come … Wei Chuang
- Re: [Bimi] Where do the signed certificates come … Thede Loder
- [Bimi] Forest vs. Trees Dave Crocker
- Re: [Bimi] Where do the signed certificates come … Tim Hollebeek
- Re: [Bimi] Where do the signed certificates come … Richard Clayton
- Re: [Bimi] Where do the signed certificates come … Richard Clayton
- Re: [Bimi] Where do the signed certificates come … Thede Loder
- Re: [Bimi] Forest vs. Trees Seth Blank
- Re: [Bimi] Forest vs. Trees Dave Crocker
- Re: [Bimi] Where do the signed certificates come … Thede Loder
- Re: [Bimi] Where do the signed certificates come … Dave Crocker
- Re: [Bimi] Where do the signed certificates come … Richard Clayton
- Re: [Bimi] Forest vs. Trees Thede Loder
- Re: [Bimi] Forest vs. Trees Dave Crocker
- Re: [Bimi] Where do the signed certificates come … Thede Loder
- Re: [Bimi] Where do the signed certificates come … Dave Crocker
- Re: [Bimi] Where do the signed certificates come … Richard Clayton
- Re: [Bimi] Where do the signed certificates come … Thede Loder
- Re: [Bimi] Where do the signed certificates come … Thede Loder
- Re: [Bimi] Where do the signed certificates come … John R Levine
- Re: [Bimi] Where do the signed certificates come … Dave Crocker
- Re: [Bimi] Where do the signed certificates come … Thede Loder