Re: [Secdispatch] [saag] The Mathematical Mesh

Phillip Hallam-Baker <> Wed, 24 April 2019 17:49 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 9BCE712009E; Wed, 24 Apr 2019 10:49:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.648
X-Spam-Status: No, score=-1.648 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id XVfS3A34cFeX; Wed, 24 Apr 2019 10:49:05 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 2EE9F120117; Wed, 24 Apr 2019 10:49:05 -0700 (PDT)
Received: by with SMTP id v7so15000247oie.8; Wed, 24 Apr 2019 10:49:05 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=JLs7u6n0BLda+NKMeHxRGEXqjKQHeTSuL5qvBZULy5Y=; b=qKJB38gEvewNp2jk8Jxuv6DoZThNJpLir7P4vabtXiIt1EYnHsZe7JhM+9HNJQd3P0 gFetEmg8DIJi7xx0bkh+3/6R/jAxyn0Fp5sID+ayDDmJi0DigQp/w/bSWdtFVRD3EiCH gb4tJVH2j6iByKM1zycK6C6KmnXztngOxQ46Ll9u7hFBk/5/vdouZJJKqUW3B8/PWo59 V/thnXEKAAA2jPkW9myBOClto6Wmbk7ECb65OP83NPWp6DeE88fzXPh9w2kJCmhJDedL i3RcvHIVjnWfltXYUTPDairZ/73XelciquQjSbpD/g4CYE5nw2vcG5tooJ9Se1HDq3Kk QFgA==
X-Gm-Message-State: APjAAAXhfJjfvQvzt47jR7enOQSARGQdTvhcuRdNleXNP1LiExpT5dFy bxM/4KiXm4uQdbGVbOfodBC0I6b/ji5ptRbmmX0=
X-Google-Smtp-Source: APXvYqzte1uUtHyoA0sIWq6BkAkqbAvNSoWSqW4w+aFHDCQzkDEX3llRNWUNOoRJmh2a+IqOJHX05r56zFAZlmWkkpc=
X-Received: by 2002:aca:c68b:: with SMTP id w133mr221595oif.58.1556128144012; Wed, 24 Apr 2019 10:49:04 -0700 (PDT)
MIME-Version: 1.0
References: <> <20190422190302.GA3137@localhost> <> <> <> <> <> <>
In-Reply-To: <>
From: Phillip Hallam-Baker <>
Date: Wed, 24 Apr 2019 13:48:53 -0400
Message-ID: <>
To: Ben Laurie <>
Cc: Ben Laurie <>,, IETF SAAG <>
Content-Type: multipart/alternative; boundary="0000000000003fbc1405874a514d"
Archived-At: <>
Subject: Re: [Secdispatch] [saag] The Mathematical Mesh
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 24 Apr 2019 17:49:06 -0000

On Wed, Apr 24, 2019 at 12:52 PM Ben Laurie <> wrote:

> On Wed, 24 Apr 2019 at 17:47, Phillip Hallam-Baker <>
> wrote:
>> But right now the situation is that it took me over 15 minutes to
>> configure Thunderbird to use S/MIME. And I know what I am doing. It is a 17
>> step process that requires use of a Web browser and email client and
>> multiple switches between the two. It took me another ten minutes to find
>> the instructions.
>> When the current situation is that users are required to poke themselves
>> in the eye with a sharp stick to get end-to-end security, it doesn't take
>> very much to improve on that.
> I don't disagree with this, either. I do object, however, to assertions
> that things are obviously usable.

My assertion was 'easier' not 'usable'. If a process has 17 steps and 16
are unnecessary, I don't need to do usability testing to know that it will
be easier to use if we eliminate them.

Well let me tell you what I am going to be doing on Sunday. I am going to
be taking the scafolding out of where it is stored in the garage and
building a tower in the master suite so that I can take down the #W$)(%$
Nest Protect device and update the WiFi settings to use a different WiFi
access point after the old one was stolen.

Someone obviously did a heck of a lot of user testing on the device but
they never thought about the management and maintenance features that would
be needed in the real world.

I have connected my device to my WiFi network three separate times. Why
does your product insist on tearing up my work and throwing it in my face?
You control both the device and the app used to establish the connection.
If you switched to using the Mesh approach, I would not need to repeat the
process yet again. (And incidentally, the connection process does use QR
codes and there is probably no need to change the user experience to enable
use of a standards based approach)

It is not just your company that has a problem with usability, Apple does
as well. I have to go and help people configure the television because the
Apple TV assumes that a person watching television can see well enough to
read. Which might sound like a really good assumption until a 90 year old
partially sighted deaf person wants to watch CNN. I would really like to be
able to set out a control that has a limited number of buttons that
directly provide the functions he needs but that would require a four or
five figure investment in coding on my part.

And the reason I brought up Apple and Nest is that they are produced by the
companies that are the leaders in the usability field.

But here is the thing, I don't think it was the usability testing that made
the difference so much as the knowledge that the polo shirted one would
have a screaming tantrum if someone had to climb a ladder to reconfigure a
device whose very function requires that it be installed in the ceiling.

The reason that the World Wide Web exists at all is that Tim Berners-Lee
ignored the sage advice of the hypertext community that referential
transparency was essential and pressed ahead with 'scruffy links'. Nobody
did usability testing to decide whether the gopher or Web UI was the
approach to follow until long after we knew the answer.

My criticism of usability testing is this: we do not find out if buildings
will stay up by building them and seeing if they fall down. That is exactly
how it was done in the past which is why the Bent Pyramid collapsed during

Usability testing is the scientific approach. We should have moved past
science and started practicing engineering. We should be able to predict
with some confidence how users will react by applying principles learned
from individual tests.

Some classes of usability failure are quite easy to analyze. If a user
faces two potential situations, case A and case B where one will lead to
disaster and the other will perform the intended task and has no means of
distinguishing these cases, the product is defective.

Right now, I have no means of knowing if an email from my bank is actually
an email from my bank or not. And that should be considered a problem. The
problem I have with discussions of usability is that the argument is made
that because we might not be able to serve every user we should just give
up and never try to change anything.

Like I said, if you want to propose changes to the protocol based on
testing or even just based on advice from usability specialists, I am more
than interested. But right now, the Mesh Reference Code is a command line
tool and I am pretty sure that is not going to be the means of delivery
that is most useful for end users.

It is however the most useful means of delivery for people who want to
build the Mesh into other applications and tools which is why we stopped
developing the GUI tool and wrote the command line tool instead.