Re: [Endymail] Another view of the problem and what the IETF could do

Leo Vegoda <leo@vegoda.org> Thu, 04 September 2014 13:27 UTC

Return-Path: <leo@vegoda.org>
X-Original-To: endymail@ietfa.amsl.com
Delivered-To: endymail@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 21A241A88C1 for <endymail@ietfa.amsl.com>; Thu, 4 Sep 2014 06:27:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.3
X-Spam-Level:
X-Spam-Status: No, score=-2.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9i22yczUvArp for <endymail@ietfa.amsl.com>; Thu, 4 Sep 2014 06:27:21 -0700 (PDT)
Received: from mail-pd0-f171.google.com (mail-pd0-f171.google.com [209.85.192.171]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 170D51A88BA for <endymail@ietf.org>; Thu, 4 Sep 2014 06:27:13 -0700 (PDT)
Received: by mail-pd0-f171.google.com with SMTP id y13so13565562pdi.16 for <endymail@ietf.org>; Thu, 04 Sep 2014 06:27:11 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-type:content-disposition :content-transfer-encoding:in-reply-to:user-agent; bh=hBjRuPY2WwOsyNr74GGVKADwXUfEGqZFQgkypNBAJys=; b=E6B1L6/uer6ugEJjzlCtqjzHt8mexL9y/XzFKBp32rrpuOtsIB0O+eu5TcMLaKt+4y OhQdUQCdGc56MyzL3zALBAy5zuA1DOyUs8+fPaOQ3EOKy9E6RiRnYURZdKsYtPSCyrl4 v66UaZF2etcvdSIorrUbfNPI2PGV1Is+DCnvC8W/YPOglkZjaQUftiRFplt1ESuqt11u qM4oweARmSTY3PPmcoZMX7n/I61VircZOfozUx9rCnNPaisdV+dS1BykPOUB8uwkiR9L Blji8237/TD1inqjXi20SeD3VRuf3Yisd+yPk8Y1ZW8wnz5FLyKaejeQP2vGddI2h5d5 aIrA==
X-Gm-Message-State: ALoCoQkF8tbA+9iI1ehgPE9xQcZ2dQze6zFlR37XugBUQS8BS3oJ43dTboA3g7qwrd7ZYZlewjb9
X-Received: by 10.70.43.100 with SMTP id v4mr7911669pdl.108.1409837230286; Thu, 04 Sep 2014 06:27:10 -0700 (PDT)
Received: from vegoda.org ([2605:e000:5903:f500:e866:25bb:bff:933]) by mx.google.com with ESMTPSA id pn13sm1725436pdb.53.2014.09.04.06.27.09 for <multiple recipients> (version=TLSv1.2 cipher=RC4-SHA bits=128/128); Thu, 04 Sep 2014 06:27:09 -0700 (PDT)
Date: Thu, 4 Sep 2014 06:27:05 -0700
From: Leo Vegoda <leo@vegoda.org>
To: Michael =?utf-8?B?S2rDtnJsaW5n?= <michael@kjorling.se>
Message-ID: <20140904132705.GC3277@vegoda.org>
References: <CAHBU6iuxfqs9RszSaJLaTV_obKBCJ9Pzii+t9XANN3q+bJm-3Q@mail.gmail.com> <5404A3A3.9050506@cisco.com> <A8423D66-369A-4511-8A4C-EE4545E49111@adamcaudill.com> <3093EBC2-B370-4675-B53D-20162E3D0CC9@gmail.com> <20140904131856.GM603@yeono.kjorling.se>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <20140904131856.GM603@yeono.kjorling.se>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: http://mailarchive.ietf.org/arch/msg/endymail/gAa2wgf6zvdjNIgxIa8S4VaTiiA
Cc: endymail@ietf.org
Subject: Re: [Endymail] Another view of the problem and what the IETF could do
X-BeenThere: endymail@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <endymail.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/endymail>, <mailto:endymail-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/endymail/>
List-Post: <mailto:endymail@ietf.org>
List-Help: <mailto:endymail-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/endymail>, <mailto:endymail-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Sep 2014 13:27:23 -0000

On Thu, Sep 04, 2014 at 01:18:56PM +0000, Michael Kjörling wrote:

[...]

> > For in person trust anchor exchange, QR codes are the way to go.
> 
> Only if you're willing to basically limit "whatever we end up
> discussing" to people who have the ability to process a random
> encountered QR code in the field. While smartphones and ubiquitous
> networking is common in many Western countries, designing a protocol
> around only that seems rather excluding. Just to mention one example,
> I myself would have no way to process that QR code, and found myself
> in a discussion on a non-technical mailing list the other day where
> several people commented about either not having cell phones at all,
> or having only old "dumb phone" style phones.
> 
> Do we want to exclude those people from establishing that trust
> anchor?

Is it sensible to design a technology based around currently
deployed capabilities or oshould the design assumptions extend to
those capabilities that are likely to exist at the conclusion of the
work or shortly afterwards?

I know there are reasons that people might not want to use
cameraphones in some industries, and that might well limit the
utility of QR codes. However, it seems reasonable to anticipate
cameraphone technology reducing in price and becoming more
widespread in the next five years.