IETF Logo Mail Archive

Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

Dave Crocker <dhc@dcrocker.net> Fri, 06 September 2013 14:56 UTC

Return-Path: <dhc@dcrocker.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 541E411E8196 for <ietf@ietfa.amsl.com>; Fri, 6 Sep 2013 07:56:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.561
X-Spam-Level:
X-Spam-Status: No, score=-6.561 tagged_above=-999 required=5 tests=[AWL=0.038, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ft9lfJKBT7gI for <ietf@ietfa.amsl.com>; Fri, 6 Sep 2013 07:56:13 -0700 (PDT)
Received: from sbh17.songbird.com (sbh17.songbird.com [72.52.113.17]) by ietfa.amsl.com (Postfix) with ESMTP id EEFA311E825E for <ietf@ietf.org>; Fri, 6 Sep 2013 07:56:05 -0700 (PDT)
Received: from [192.168.1.66] (76-218-9-215.lightspeed.sntcca.sbcglobal.net [76.218.9.215]) (authenticated bits=0) by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id r86EtxXs030048 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Fri, 6 Sep 2013 07:56:02 -0700
Message-ID: <5229ECF0.3040409@dcrocker.net>
Date: Fri, 06 Sep 2013 07:55:44 -0700
From: Dave Crocker <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: Jorge Amodio <jmamodio@gmail.com>
Subject: Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA
References: <5F053C0B-4678-4680-A8BF-62FF282ADDCE@softarmor.com> <alpine.BSF.2.00.1309051743130.47262@hiroshima.bogus.com> <52293197.1060809@gmail.com> <5C7FECAB-8A22-4AF1-B023-456458E1B288@nominum.com> <522949C2.8010206@gmail.com> <5229AEDE.8090202@cisco.com> <CAMzo+1Z7bEmKuBE9Hkx1pTQnZVPajxCWGBN3JF=pAPFwUrN=pQ@mail.gmail.com>
In-Reply-To: <CAMzo+1Z7bEmKuBE9Hkx1pTQnZVPajxCWGBN3JF=pAPFwUrN=pQ@mail.gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0 (sbh17.songbird.com [72.52.113.66]); Fri, 06 Sep 2013 07:56:02 -0700 (PDT)
Cc: Dean Willis <dean.willis@softarmor.com>, "ietf@ietf.org Discussion" <ietf@ietf.org>, stbryant@cisco.com
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: dcrocker@bbiw.net
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Sep 2013 14:56:19 -0000

On 9/6/2013 5:51 AM, Jorge Amodio wrote:
>
> IMHO. There is no amount of engineering that can fix stupid people doing
> stupid things... on both sides of the stupid line.


Correct.  Within the IETF, the most serious example of stupidity is any 
line of analysis that considers end-users to be stupid or lazy, rather 
than treating them as system components with various pragmatic 
constraints, just like any other system component.

So the real challenge is for us to be clear about the pragmatics when we 
talk about end-users.  Here the real problem is that the pragmatics are 
only superficially understood, even by the usability (HCI, UXD, UCE, 
UCD...) experts.

That points to a second serious challenge, namely that we can't know 
very well what will work for end-users and what won't.

The model that I've described for some years is that the best user 
design cognitive processing models -- processing limits, memory limits, 
attention limits, etc. -- about end-users suggest reasonable theories 
for /starting/ designs, but never ensure good /final/ designs.  That 
requires testing.

At this summer's SOUPS conference I floated this summary past a variety 
of senior Usable Security folks during one of the sessions and folks 
generally nodded in agreement.

In other words, the IETF needs to assume that we don't know what will 
work for end users and we need to therefore focus more on processing by 
end /systems/ rather than end /users/.

We also need to avoid the 'then a miracle happens' faith that end system 
designers will magically figure out the best user interface design for 
security, since they have failed at that for the last 25 years; they'll 
eventually succeed but they haven't, so far.

d/


-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net

v2.23.0 | Report a Bug | By Email