Re: [Bimi] (non)desire for bimi
Dave Crocker <dhc@dcrocker.net> Thu, 14 February 2019 18:35 UTC
Return-Path: <dhc@dcrocker.net>
X-Original-To: bimi@ietfa.amsl.com
Delivered-To: bimi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3418913104C for <bimi@ietfa.amsl.com>; Thu, 14 Feb 2019 10:35:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=dcrocker.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K6VOJwqCcPKO for <bimi@ietfa.amsl.com>; Thu, 14 Feb 2019 10:35:33 -0800 (PST)
Received: from simon.songbird.com (simon.songbird.com [72.52.113.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D4F8F12D829 for <bimi@ietf.org>; Thu, 14 Feb 2019 10:35:33 -0800 (PST)
Received: from [192.168.1.168] (76-218-8-128.lightspeed.sntcca.sbcglobal.net [76.218.8.128]) (authenticated bits=0) by simon.songbird.com (8.14.4/8.14.4/Debian-4.1ubuntu1.1) with ESMTP id x1EIaqen023380 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Thu, 14 Feb 2019 10:36:52 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=dcrocker.net; s=default; t=1550169413; bh=2C+/rzYT0tPxB5zraL3AcD0FWxdFbygsJJYbAhvQyKU=; h=Subject:To:References:From:Cc:Reply-To:Date:In-Reply-To:From; b=AK1rQKPNFJIwoaan2SRqk4bzMjaGCURN1Ysyt0H9e/tgcNdw1i0jaCocXMHlzorg+ 7u+V2fejzVb2fW7tnPavBMrWXV7FHRbp8uBsKF22ffocTbr1coiu5Ab68scZGSQ5ja 34rUNQ0bQlZ9HGOk57x5caJ4KOMUSYS66ZIdPrKE=
To: Terry Zink <tzink=40terryzink.com@dmarc.ietf.org>
References: <20190214175243.950C2200E509D1@ary.qy> <aac6ca77-a8f7-7628-fc0d-18ab616659f2@dcrocker.net> <BL0PR11MB3107E380194F10A297485BBCA9670@BL0PR11MB3107.namprd11.prod.outlook.com>
From: Dave Crocker <dhc@dcrocker.net>
Cc: "bimi@ietf.org" <bimi@ietf.org>
Reply-To: dcrocker@bbiw.net
Organization: Brandenburg InternetWorking
Message-ID: <b52b05d3-9c25-fdf5-32c2-e39b5dc0f6d8@dcrocker.net>
Date: Thu, 14 Feb 2019 10:35:22 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.5.0
MIME-Version: 1.0
In-Reply-To: <BL0PR11MB3107E380194F10A297485BBCA9670@BL0PR11MB3107.namprd11.prod.outlook.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/bimi/ikhD1gCvpzqTk4obzGfkW0p7XGA>
Subject: Re: [Bimi] (non)desire for bimi
X-BeenThere: bimi@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Brand Indicators for Message Identification <bimi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bimi>, <mailto:bimi-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bimi/>
List-Post: <mailto:bimi@ietf.org>
List-Help: <mailto:bimi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bimi>, <mailto:bimi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Feb 2019 18:35:36 -0000
On 2/14/2019 10:23 AM, Terry Zink wrote: > Thanks John, and Dave. > >> 1. An axiom in usability research is to not treat developers or >> researchers as subjects (unless they really are the target audience.) >> In terms of cognitive detail and usage style, such folk differ >> substantially from the general user population. >> >> Simply put, you or I or John do not matter in this calculus. We are the >> essence of a biased sample... > > I agree, which is why I said earlier that I am not representative of the > entire space. Except that you only cited yourself and then said "How does this not show demand?" You started with "To me, it seems intuitively obvious." If there is anything in usability design that would qualify as speech of the devil, that sentence probably qualifies. Usability design often needs to make choice that goes exactly against what is "intuitive" to one person or another. By way of example, there is a common view that giving end users more information is always a good thing, but this flies in the face of well-understood cognitive limits. > Yes, there are some people that don't like this type of UX. And with > BIMI, you'll still be able to use the same software that doesn't show > images, HTML, sender photos, etc. There's no change there. This is another fundamental usability design error: thinking that adding something is fine because users can turn it off. This burdens users, and often creates a barrier because they don't know how to fix it or even that they can. >> It makes it in effect another web bug. > > Hmm... > > That heavily depends upon implementation. A web bug, as I understand it, > helps to track user behavior - did the user open up my mail? While I > concede that BIMI could be used this way, it's not a particularly > effective way to do it. So you are countering a security concern by saying that we should not worry about it because there are other vectors you consider better? This suggests that additional attack vectors aren't to be worried aboout, as long as easier ones are available? > Most large receives wouldn't serve up a BIMI logo from the actual > location pointed to by headers/DNS records each time they needed it. I don't understand how this point is relevant to the underlying concern. How is a statement predicated on "most" a useful security concern counter? It almost sounds as if systems not part of that 'most' don't matter... d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net
- [Bimi] (non)desire for bimi Stephen Farrell
- Re: [Bimi] (non)desire for bimi Terry Zink
- Re: [Bimi] (non)desire for bimi John Levine
- Re: [Bimi] (non)desire for bimi Dave Crocker
- Re: [Bimi] (non)desire for bimi Terry Zink
- Re: [Bimi] (non)desire for bimi Dave Crocker
- Re: [Bimi] (non)desire for bimi Richard Clayton
- Re: [Bimi] (non)desire for bimi Stephen Farrell
- Re: [Bimi] (non)desire for bimi Thede Loder
- Re: [Bimi] (non)desire for bimi Thede Loder
- Re: [Bimi] (non)desire for bimi Terry Zink
- Re: [Bimi] (non)desire for bimi Dave Crocker
- Re: [Bimi] (non)desire for bimi Stephen Farrell
- Re: [Bimi] (non)desire for bimi Terry Zink
- Re: [Bimi] (non)desire for bimi A. Schulze
- Re: [Bimi] (non)desire for bimi Marcel Becker
- Re: [Bimi] (non)desire for bimi Dave Crocker
- Re: [Bimi] (non)desire for bimi Stephen Farrell
- Re: [Bimi] (non)desire for bimi Marcel Becker
- Re: [Bimi] (non)desire for bimi Dave Crocker
- Re: [Bimi] (non)desire for bimi Thede Loder
- Re: [Bimi] (non)desire for bimi Dave Crocker
- Re: [Bimi] (non)desire for bimi Thede Loder
- Re: [Bimi] (non)desire for bimi Thede Loder
- Re: [Bimi] (non)desire for bimi Dave Crocker
- Re: [Bimi] (non)desire for bimi Dave Crocker
- Re: [Bimi] (non)desire for bimi Richard Clayton
- Re: [Bimi] (non)desire for bimi Thede Loder
- Re: [Bimi] (non)desire for bimi Thede Loder
- Re: [Bimi] (non)desire for bimi Stephen Farrell