Re: [Secdispatch] [saag] The Mathematical Mesh

Ben Laurie <> Wed, 24 April 2019 18:01 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 7B4E4120118 for <>; Wed, 24 Apr 2019 11:01:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -17.5
X-Spam-Status: No, score=-17.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=unavailable autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id jhcHbDaOLVHw for <>; Wed, 24 Apr 2019 11:01:43 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::b34]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 879B812011E for <>; Wed, 24 Apr 2019 11:01:43 -0700 (PDT)
Received: by with SMTP id e190so7462325ybf.2 for <>; Wed, 24 Apr 2019 11:01:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=phI0EIwQpAAsAqI+wyYi90h9Pb/udQGPegsf0KeZrQ0=; b=QS6RvMx+EIreyX9Hzs5Ak/K4NTlMtLJrHN2HP61yo5hHIPOs8aE7PlAHJMF+q75YQp DtzM/fnNF9kwlX2UdldFZ1KG9bQ6bFya0tJe1nuVXbAtG2YsT9+QMc+fKud6PB1vLGr1 +EwjEJnjE90f35qWggMGFfpmchBgN/vcu9CrU8BW3fYvgpa6dERiu7AWQxMPpSkIulFq KPZ647tncDKKLptPRmGesAt7iSJSOES855TbQ1SNPH3UDBdd8O3cElb+cl7z0SQXIZ7W +Xu8hsf0awtWjDRz1xOZuG9HTHHyLcs1Tl45/w2EJ9+V0oKeZmiAE5y9jIhDNXNgC6ik 0Tfg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=phI0EIwQpAAsAqI+wyYi90h9Pb/udQGPegsf0KeZrQ0=; b=rA+tleckNRGz2SeyW0gH4/0Kmu2wF3mL7sjza2lzpQGuaCYfM8mlTSvRK2V771UkxF Nfcy9Cye6hOc3Q6f7z3G+1bFyW8CfvTCASwJFQgf1OWfP1bNdgHLtK0Dp9yqaWTD5Q6o kva9Mqrqyr+qKc+YIvjZ8LrWXxhQeFgN0fQ55QTXDHInMABlw7reONMRgG6jnWiiRE28 JByTCGXwh8rNA0OvMtHTgAIs3b3uHtV4SivHtlrVfu3QgA+DHoj5E/OYm7QqIxNG0P2x XWLQAn9SctLtGjzBfOy3U6Hyvi/v2/3HCKQS8L00lVdGIrCjaLntYoEPUMO2FtE9FeHM rciw==
X-Gm-Message-State: APjAAAW5vITQBc0Woyy1bimqtwb6aBREX4xLdTNVF9bV/s3mgzBVFy4u amOEUPyiIVU8AKiYh9M51uM5NLx9vDxUhweBKUY+Yow+R1k=
X-Google-Smtp-Source: APXvYqyoeJtO8TQvWStR5jsDWHQDbpEk0adahyKDBUstkk5Cr61TURUzhHQhvZ+CYcs2tm41eyPNNmASHwLq6PhFY68=
X-Received: by 2002:a25:b317:: with SMTP id l23mr3125809ybj.513.1556128902404; Wed, 24 Apr 2019 11:01:42 -0700 (PDT)
MIME-Version: 1.0
References: <> <20190422190302.GA3137@localhost> <> <> <> <> <> <> <>
In-Reply-To: <>
From: Ben Laurie <>
Date: Wed, 24 Apr 2019 19:01:28 +0100
Message-ID: <>
To: Phillip Hallam-Baker <>
Cc: Ben Laurie <>,, IETF SAAG <>
Content-Type: multipart/alternative; boundary="00000000000074533805874a7ea5"
Archived-At: <>
Subject: Re: [Secdispatch] [saag] The Mathematical Mesh
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 24 Apr 2019 18:01:47 -0000

On Wed, 24 Apr 2019 at 18:49, Phillip Hallam-Baker <>

> The reason that the World Wide Web exists at all is that Tim Berners-Lee
> ignored the sage advice of the hypertext community that referential
> transparency was essential and pressed ahead with 'scruffy links'. Nobody
> did usability testing to decide whether the gopher or Web UI was the
> approach to follow until long after we knew the answer.

This is a clear case of survivorship bias. The users did the usability
testing. WWW survived (despite being technically terrible in many ways),
the competitors did not.

> My criticism of usability testing is this: we do not find out if buildings
> will stay up by building them and seeing if they fall down. That is exactly
> how it was done in the past which is why the Bent Pyramid collapsed during
> construction.
> Usability testing is the scientific approach. We should have moved past
> science and started practicing engineering. We should be able to predict
> with some confidence how users will react by applying principles learned
> from individual tests.

Indeed, somewhat possible.

Some classes of usability failure are quite easy to analyze. If a user
> faces two potential situations, case A and case B where one will lead to
> disaster and the other will perform the intended task and has no means of
> distinguishing these cases, the product is defective.
> Right now, I have no means of knowing if an email from my bank is actually
> an email from my bank or not. And that should be considered a problem. The
> problem I have with discussions of usability is that the argument is made
> that because we might not be able to serve every user we should just give
> up and never try to change anything.

Well, the problem I have with discussions of usability is the argument is
made that we should leave that until all the tech is figured out, or that
we don't need to bother because the thing is obviously better. Going from
.1% to 1% is clearly an improvement, but it is not a solution.

BTW, my original question was not about QR codes (though I have my doubts
about those), but about this assertion about usability: "Otherwise, there
are many existing protocols that make comparison of 15-30 character base 32
encoded strings as the basis for mutual authentication and these have
proved effective and acceptable."

I am hiring! Formal methods, UX, management, SWE ... verified s/w and h/w.