IETF Logo Mail Archive

Re: [Bimi] (non)desire for bimi

Thede Loder <thede@skyelogicworks.com> Mon, 18 February 2019 01:55 UTC

Return-Path: <thede@skyelogicworks.com>
X-Original-To: bimi@ietfa.amsl.com
Delivered-To: bimi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ED249130EA8 for <bimi@ietfa.amsl.com>; Sun, 17 Feb 2019 17:55:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=skyelogicworks.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QWccsqJY2oQB for <bimi@ietfa.amsl.com>; Sun, 17 Feb 2019 17:55:14 -0800 (PST)
Received: from mail-qt1-x82a.google.com (mail-qt1-x82a.google.com [IPv6:2607:f8b0:4864:20::82a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EC0B8130DC9 for <bimi@ietf.org>; Sun, 17 Feb 2019 17:55:13 -0800 (PST)
Received: by mail-qt1-x82a.google.com with SMTP id z39so17638215qtz.0 for <bimi@ietf.org>; Sun, 17 Feb 2019 17:55:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=skyelogicworks.com; s=google; h=from:content-transfer-encoding:mime-version:subject:date:references :to:in-reply-to:message-id; bh=YvxSWaUR9/gPnpEXBmV4kID+1tetfh/w/m7UOA8lubM=; b=JbhXkog87VLn7tluB37xG4aoZO2a360xE2PkRb0imQV8USzLFnauaCaBkqbpcplCxr ox+Hf2dXjh9Np8IEeWJaz6Z6V3E4j580AA+S2tm0tyfyir5fAIX+kwbrd0tuXRCx03N0 CSBSMebyMLcTvXAYYtk+g4cq6+DgBNB97+IXY=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:content-transfer-encoding:mime-version :subject:date:references:to:in-reply-to:message-id; bh=YvxSWaUR9/gPnpEXBmV4kID+1tetfh/w/m7UOA8lubM=; b=mHk4RNek7NJMEULXPyUxBi7EGrXo6OTBoUXJU8qiPiXU6p6agikXbZE0R+PFOtuoTv J8SYlkMslKidKzToG7OUIws957XbvwdEVBDAdZzMijuHYLLuizfp/NfIMGeGKBhiz2MQ OuIdPB5e+A9kEXZQrrcfv0jC3zs7w09Uou7InuQpD/vtg8A6Dhx4ASpaIIMDzvbh5FP/ F6SHYKi3yzvsPujuOyGZREO6QfOLAMU5nMONe+wfakO4QlgOsUXu9zPGIQdzJDvehpWx DbqVptLCaTk21UVi06j6eWxeEwQaYRzIjU6UbWU2+VJcw5wE+5+R8ji0a3aA4gfPSvlb xcBw==
X-Gm-Message-State: AHQUAuZBNjKzmwMayFQaY6EIzTkUi1uP9UnuhrCjJFcdNrAqOfb4R198 28WKvT4MjMek/zwdvlcS3xec4Rg1Gp8=
X-Google-Smtp-Source: AHgI3Ib6qs19V1oJG6UcNPpoa6Xhudg+u2r73jhRzkC/E8MGZ4GEXM/8PJ7Z0Jsto4//seXKue+rLA==
X-Received: by 2002:a0c:b39e:: with SMTP id t30mr15412924qve.206.1550454912087; Sun, 17 Feb 2019 17:55:12 -0800 (PST)
Received: from macbook-pro.localdomain (cpe-45-37-171-73.nc.res.rr.com. [45.37.171.73]) by smtp.gmail.com with ESMTPSA id d55sm7662605qtb.93.2019.02.17.17.55.10 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 17 Feb 2019 17:55:11 -0800 (PST)
From: Thede Loder <thede@skyelogicworks.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\))
Date: Sun, 17 Feb 2019 20:55:09 -0500
References: <aa919aeb-caa1-6494-259d-a553b238c268@cs.tcd.ie> <3d9231e9-6936-cc02-000e-a4d7df919bb4@andreasschulze.de> <CAAYvrBvGediUY1W9PZ+JuS585Mk8wxLpFq7TZELSOF-NSp5CyQ@mail.gmail.com> <5c7a10e3-47a0-e84a-d78a-dea5c44fb2ae@dcrocker.net> <CAAYvrBumzJrj51VdOYEf_Tmo4X-MhvfuabWHb_p5embAe0uAow@mail.gmail.com> <0245cd12-2965-86ca-78e4-b3b1996e6efe@gmail.com>
To: bimi@ietf.org, Stephen Farrell <stephen.farrell@cs.tcd.ie>, Dave Crocker <dcrocker@gmail.com>, Marcel Becker <marcel.becker@oath.com>
In-Reply-To: <0245cd12-2965-86ca-78e4-b3b1996e6efe@gmail.com>
Message-Id: <A08D52DA-AC05-4A6A-BF9C-AEF2239E8F61@skyelogicworks.com>
X-Mailer: Apple Mail (2.3445.102.3)
Archived-At: <https://mailarchive.ietf.org/arch/msg/bimi/WvqImW_MgoFmwlxPHc7ez0mBLUA>
Subject: Re: [Bimi] (non)desire for bimi
X-BeenThere: bimi@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Brand Indicators for Message Identification <bimi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bimi>, <mailto:bimi-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bimi/>
List-Post: <mailto:bimi@ietf.org>
List-Help: <mailto:bimi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bimi>, <mailto:bimi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Feb 2019 01:55:16 -0000


> On Feb 16, 2019, at 12:03, Dave Crocker <dcrocker@gmail.com> wrote:
> On 2/16/2019 8:24 AM, Marcel Becker wrote:
>> On Feb 16, 2019, at 08:11, Dave Crocker <dhc@dcrocker.net> wrote:
>>> Except, of course, that it will not have that effect on users, because there is extensive experience demonstrating that users mostly do not learn or use such signals.
>> While I usually tend to agree with that statement it is — in that
>> absolut form — not necessarily true. We know that, given time, users
>> are quite capable of learning and using such signals. When
>> specifically designed for that task.
> 
> 
> In real life, for this kind of task, no, they aren't.
> 
> On the average, they don't have an adequate threat model, they do not understand the security mechanisms, and they do not allocate the necessary time and effort to making the real-time decision.
> 
> If you have evidence of average users making security-related decisions in real-time -- in the midst of boring, daily tasks -- please provide it.


If end users treat messages with or without logos exactly the same, through what means will end users be made worse off or less safe when BIMI-sourced logos are widely used?  

Thede


> d/
> 
> -- 
> Dave Crocker
> Brandenburg InternetWorking
> bbiw.net
> 

—
Thede Loder
Managing Director, Skye Logicworks LLC
E: thede@skyelogicworks.com
M: +1-415-420-8615

v2.23.0 | Report a Bug | By Email