IETF Logo Mail Archive

BIMI: Re: tone policing

Phillip Hallam-Baker <phill@hallambaker.com> Tue, 10 September 2019 17:07 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 251D9120074 for <ietf@ietfa.amsl.com>; Tue, 10 Sep 2019 10:07:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.914
X-Spam-Level:
X-Spam-Status: No, score=-1.914 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, LOTS_OF_MONEY=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D6iNs2ATEAdi for <ietf@ietfa.amsl.com>; Tue, 10 Sep 2019 10:07:33 -0700 (PDT)
Received: from mail-ot1-f46.google.com (mail-ot1-f46.google.com [209.85.210.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5ABFA120058 for <ietf@ietf.org>; Tue, 10 Sep 2019 10:07:33 -0700 (PDT)
Received: by mail-ot1-f46.google.com with SMTP id h17so15850825otn.5 for <ietf@ietf.org>; Tue, 10 Sep 2019 10:07:33 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=FpbZ4G7LN9xmtBGZ/Tx5tL6GFNkUbU7c3qU5bR30Kj8=; b=QGrARY5VBqDJ7GYOv8qmZDAO0m33AvtAeqwu3TSctV86gt25DDcDm4jk0YLDpp1AUK 6pb9LAYiktONBoSzUAOj+ywBLZBqIulUYoF0WuXm0O70Zh/ByTKLP5lOhWzWn8OU6T7c rP95Yn356S98T2pnFTpmbCL5W4Irbiur2o6+cf7QJgmdpZdB4+owvMefOB+osouJt/uq HqAetMgvzqpsv2wI1pxBZ7We0bNb2N4je7cUrcujl0Ht3v5HmdxQo8P27grZVaJ+lIG4 dC7RwQu67lXoxnGrOxAoFyyGz2XswLWpF4pUSBMu3baNS7IDM8t7OLIa6o7gCRp39AQM v/QA==
X-Gm-Message-State: APjAAAUEMEDLxBtiRWrZdgWo94dq1oCC9st6gYd20ENKAmBnRi5jxftQ avSxWvBvTlMj9jbOhM/rmlE+ocU3U0c5/ghbJs6q45W6
X-Google-Smtp-Source: APXvYqwhaPFP24BCMsE83bUjOmr4VetNoMDP6TSA6MQQbDMkqKyFct9n18/T5yg7NI1L8dkrghb5vVaJ7gdCf/SQs/g=
X-Received: by 2002:a9d:4786:: with SMTP id b6mr22012973otf.112.1568135252559; Tue, 10 Sep 2019 10:07:32 -0700 (PDT)
MIME-Version: 1.0
References: <F2D6FBAB-7DED-41AE-9560-4D0D13B15107@ericsson.com> <1BF349D9-8ABB-4844-965A-A43964E18A41@fugue.com> <29c10b3d-8f48-8888-68c9-7390b1e4df5d@network-heretics.com> <ae8353f1-adf9-c615-a721-9fba85b40d5c@foobar.org> <059707fd-afea-e4b4-fa77-967e38206c52@network-heretics.com> <737e066d-4646-7021-3466-6a66f8f0a28e@lounge.org> <259BC9E3-EE7B-4152-8BDD-3900D2D75775@network-heretics.com> <B13131F3-BFB5-4C97-B5A4-E96C34CDAB7C@akamai.com> <4cc1dcb9-ae84-2cef-6439-247a5ccd41af@network-heretics.com> <A166D628-8356-4E72-A302-4E45988C1BDB@akamai.com> <daa6c925-8306-cb91-b5a0-bb8c7450eafc@lounge.org> <a7a9f058-0acf-fa3b-c96e-c2504caf497e@joelhalpern.com> <dd76cd73-e194-2f45-aa45-39be604cd1d2@lounge.org> <98f7c385-c06a-464d-92fb-13e0b4495e0d@www.fastmail.com>
In-Reply-To: <98f7c385-c06a-464d-92fb-13e0b4495e0d@www.fastmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Tue, 10 Sep 2019 13:07:22 -0400
Message-ID: <CAMm+LwiqSfLQn0gqUs_2kAumo8KOSMwy-OCDGt+F4fWAhWsb0g@mail.gmail.com>
Subject: BIMI: Re: tone policing
To: Bron Gondwana <brong@fastmailteam.com>
Cc: IETF Discussion Mailing List <ietf@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000b04ac5059235f048"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/w37QSElgepcLZklyGMLTH1FgOB4>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Sep 2019 17:07:36 -0000

On Mon, Sep 9, 2019 at 7:33 PM Bron Gondwana <brong@fastmailteam.com> wrote:

>
> I last saw something like that at the BIMI BOF in Prague at IETF104.  Not
> quite "the worst idea in the history of the IETF", but a very strong and
> emotional "this is a horribly bad idea and I strongly oppose the IETF doing
> any work in this area and I will fight you to the death and die on this
> hill".
>

I missed the BIMI BOF but that statement had me really thinking 'we should
do it!'. Nobody has ever told me something like that without them turning
out to be hilariously wrong.

So I found the spec:
https://datatracker.ietf.org/doc/draft-bkl-bimi-overview/

It is a real pity that I was not there because this is precisely the
problem that I originally called the meeting that resulted in CABForum
being formed for. If anyone has IPR concerns, they will find prior art in
my book The DotCrime Manifesto (2008).

The IETF has in fact already published RFCs that do precisely this. See RFC
3709:
https://tools.ietf.org/html/rfc3709

OK, so DMARC is slightly different method of delivery but we have all the
technical stuff done modulo uninteresting arguments over encoding. The hard
part has always been to specify the validation processes. If you want to
put a brand on an email you are going to have to validate it and that means
you are going to either have to adopt the strategies we developed for
VeriSign Class 3 in the 1990s or re-learn them.

If people would like to do this, the way that was discussed at CABForum was
to engage the WIPO Trademark Registry established under the  Madrid
Protocol. So basically, you perform Extended Validation criteria as per
normal and then compare the mark with the registration and establish proof
of right.

The division of work on such a scheme would have to be IETF restricts
itself to the technology and leaves the certificate policy issues to
CABForum. Because that is the division we have established.


So yes, we could actually do the proposal but I don't think it is the best
way to go about the end goal because of the deployment trap. Email is a
vast infrastructure and it is really hard to get any traction there because
anything you do is diluted.

The application I am looking to apply this to is a condensation of an idea
from the APWG which was for a 'constrained browser' without javascript that
would only be used for security sensitive applications like accessing bank
web sites. So I took the idea further and reduced the browser to the
absolute bare minimum which is to present the user with a HTML form which
says:

"Sign the latest release [Yes][No]"
"Add T-Mobile as Bill Payment Recipient [Yes][No]"
"Do you want to transfer $10,000 to the Nigerian Prince [Yes][No]"

That is something that can be displayed on a phone or a watch.

This is one of the new applications the Mathematical Mesh supports.

The number of companies supporting the new application would be small but
it would establish a constituency of validated brands and of users.

The constituency formed by the Mesh Confirmation Protocol could then be
used to enable something interesting in the mail messaging space. But I
think we are still looking at something that would be separate from the
SMTP email infrastructure for high value communications such as those
inside enterprises.

v2.23.0 | Report a Bug | By Email