[Bimi] Forest vs. Trees

Dave Crocker <dhc@dcrocker.net> Mon, 11 February 2019 15:29 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/bimi/UVyUbyFnsWGXdoqbxznaI5uRmck>

Folks,


BIMI sits at the crossroads of challenging security and usability (human 
factors) issues.  It is far too easy to take the collection of submitted 
drafts and focus on their many details, without first establishing the 
basic functional goals and issues, design goals and issues, and 
operational goals and issues.

For all of the text that has been submitted, what is first needed is a 
document that discusses these at a level that allows meaningful 
consideration of its conceptual and operational foundations, so as to 
establish what aspects of BIMI are clear, well understood and tractable, 
vs. what aspects are not, and how the latter can reasonably be resolved.

Of course, the submitted drafts do contain some text tailored to this 
level of discussion, but only as an adjunct to the extensive detail in 
the specifications.  Hence they contain basic descriptions and 
assertions, but lack necessary detail and substantiation.

Merely by way of example, the opening sentence in the Abstract of 
draft-blank-ietf-bimi-00 says:

>    Brand Indicators for Message Identification (BIMI) permits Domain
>    Owners to coordinate with Mail User Agents (MUAs) to display brand-
>    specific Indicators next to properly authenticated messages.

So the principal actors are domain owners and MUAs?  That's probably not 
quite right, since there is reference to brands, without clarifying the 
relationship between brands and domain owners.  (What's intended is 
pretty obvious but actually needs extensive discussion, as John L's note 
from last night exemplifies.)

And then there's "properly authenticated messages" which is reasonable 
if the nature of "properly authenticated" is well understood, but which 
we regularly see is highly problematic for an average reader who will 
think that the phrase means far more than it actually does.

Again, this is just an example.  Other summary text in the drafts 
invites similar concerns.

I strongly suggest collecting and developing such language into a 
separate, coherent concepts and facilities draft, so that discussion can 
focus on the BIMI forest, before inspecting its trees.


d/
-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net