IETF Logo Mail Archive

Re: [Bimi] Bimi Goals (was: Re: Thoughts about MUA/BIMI)

John C Klensin <john-ietf@jck.com> Fri, 12 August 2022 17:27 UTC

Return-Path: <john-ietf@jck.com>
X-Original-To: bimi@ietfa.amsl.com
Delivered-To: bimi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6518AC15C520; Fri, 12 Aug 2022 10:27:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.904
X-Spam-Level:
X-Spam-Status: No, score=-1.904 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XncLbIore-vb; Fri, 12 Aug 2022 10:27:15 -0700 (PDT)
Received: from bsa2.jck.com (bsa2.jck.com [70.88.254.51]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5BF71C15A73D; Fri, 12 Aug 2022 10:27:14 -0700 (PDT)
Received: from [198.252.137.10] (helo=PSB) by bsa2.jck.com with esmtp (Exim 4.82 (FreeBSD)) (envelope-from <john-ietf@jck.com>) id 1oMYRF-000M8I-Bu; Fri, 12 Aug 2022 13:27:13 -0400
Date: Fri, 12 Aug 2022 13:27:07 -0400
From: John C Klensin <john-ietf@jck.com>
To: "Brotman, Alex" <Alex_Brotman=40comcast.com@dmarc.ietf.org>, "BIMI (IETF) (bimi@ietf.org)" <bimi@ietf.org>
Message-ID: <494098D0C7B06400A7C08303@PSB>
In-Reply-To: <MN2PR11MB4351D981953EFD96C3E4A301F7679@MN2PR11MB4351.namprd11.prod.outlook.com>
References: <MN2PR11MB435138DB4A7161A506B8CD25F7649@MN2PR11MB4351.namprd11.prod.outlook.com> <ea58765e-c46a-8f29-8af6-3373db343c27@dcrocker.net> <MN2PR11MB4351D981953EFD96C3E4A301F7679@MN2PR11MB4351.namprd11.prod.outlook.com>
X-Mailer: Mulberry/4.0.8 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-SA-Exim-Connect-IP: 198.252.137.10
X-SA-Exim-Mail-From: john-ietf@jck.com
X-SA-Exim-Scanned: No (on bsa2.jck.com); SAEximRunCond expanded to false
Archived-At: <https://mailarchive.ietf.org/arch/msg/bimi/w3t4jmw2dPL4ks0cezAI813KMCs>
Subject: Re: [Bimi] Bimi Goals (was: Re: Thoughts about MUA/BIMI)
X-BeenThere: bimi@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Brand Indicators for Message Identification <bimi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bimi>, <mailto:bimi-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bimi/>
List-Post: <mailto:bimi@ietf.org>
List-Help: <mailto:bimi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bimi>, <mailto:bimi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Aug 2022 17:27:19 -0000

Alex,

However, the key point I think Dave was trying to make (I'm sure
he will correct me if I misinterpreted him) was that, if the
goal is to convey a standardized (and, I would add, provably
authorized) image from sender to recipient, then imposing DMARC
as an a-priori requirement prevents consideration of options
that might work better or involve less complexity.  That is
independent of whether there are better options out there that
do not involve DMARC (even though I've become convinced there
are) -- the cutting off of discussion of such options is the
problem.

And, from that standpoint, making the goal "promote DMARC"
rather than just "use DMARC at part of an approach" seems even
worse, especially in the context of the IETF having an active WG
dedicated to sorting out perceived deficiencies in DMARC.

best,
  john


--On Friday, August 12, 2022 16:37 +0000 "Brotman, Alex"
<Alex_Brotman=40comcast.com@dmarc.ietf.org> wrote:

> 
> BIMI, as currently designed, does not function without DMARC.
> When a domain adopts BIMI (and by requirements, publishes a
> DMARC of q/r for the OrgDom), every MBP who utilizes DMARC on
> inbound messaging receives the benefit of that domain having
> moved to an enforcing policy.  That happens regardless of
> whether that MBP utilizes BIMI for their users.  To me, that
> seems fairly important.  The order as stated below is
> irrelevant (and they weren't meant to be ordered by
> importance).
> 
> --
> Alex Brotman
> Sr. Engineer, Anti-Abuse & Messaging Policy
> Comcast
> 
> From: Dave Crocker <dhc@dcrocker.net>
> Sent: Friday, August 12, 2022 11:22 AM
> To: Brotman, Alex <Alex_Brotman@comcast.com>; BIMI (IETF)
> (bimi@ietf.org) <bimi@ietf.org> Subject: Bimi Goals (was: Re:
> [Bimi] Thoughts about MUA/BIMI)
> 
> On 8/11/2022 7:21 AM, Brotman, Alex wrote:
> 
> Consider we have two primary goals (in short form):
> 
>   1.  Drive DMARC adoption
>   2.  Associate an image with properly authenticated messages
> 
> Alex,
> 
> Looking at the Bimi technical details, one sees a mechanism to
> permit a standardized way of conveying a marketing image from
> its owner to a recipient, in aid of privileged display.  It
> is, therefore, simply a mechanism to increase marketing
> 'impressions'.
> 
> That some folk working on Bimi have a hope that its use will
> produce better adoption of some existing email authentication
> mechanisms is nice -- albeit, a fragile hope, in the absence
> of a demonstrated history of such an effort succeeding -- but
> it is outside of the technical and operational basics of Bimi.
> Adoption and use of Bimi can be significantly successful, in
> terms of facilitating marketing impressions, while having no
> meaningful effect on the global use of email authentication.
> 
> At the very least, that means the ranking order you have given
> is wrong.
> 
> But there also seems to be some indication that the fragile
> goal is being used to justify sub-optimal engineering design
> and to justify rejecting better design.
> 
> d/
> 
> --
> 
> Dave Crocker
> 
> Brandenburg InternetWorking
> 
> bbiw.net

v2.23.0 | Report a Bug | By Email