Re: [Secdispatch] [saag] The Mathematical Mesh

Phillip Hallam-Baker <> Wed, 24 April 2019 21:15 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id EB26E120290; Wed, 24 Apr 2019 14:15:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.646
X-Spam-Status: No, score=-1.646 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, LOTS_OF_MONEY=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 0nvUxaYvHgB3; Wed, 24 Apr 2019 14:15:52 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 3DB7A12014E; Wed, 24 Apr 2019 14:15:52 -0700 (PDT)
Received: by with SMTP id v10so15527242oib.1; Wed, 24 Apr 2019 14:15:52 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=aH23A9foeZfCYyknRPZWdPQU/jqp+lqDwufuX+TPgjU=; b=HmdVIIeW7ucJOrCc6Mr5rWsOD4ekXk5Dvlxyc8H08J2p8N+qbcB/HuK6nOl5mYjq0V 6t40O3n5qyhu5kJ8xH5TsmygDc07KTHNauXGSeza+b1rQdkwFp5n6Uy1+GA2afNSnkDZ uBqH/NsNi/HhfV/ejrjiqb6TNXdERWTLXId84Ogb1BOYH+HiRgA27sjIvaSS9Gnl2ntY IYtEQXJwol60sZp0Np7XTgtxB+PQeY+8OlUCJuEKlWN0LcywMrJ+jt9B7OYrLqZj9mQg TMOBe+8PimrrsCWGlaxnwymvYesIiNGjzGPYoUUdxofbYlUQhkyTLCdjzme27ZOu4EA0 58HQ==
X-Gm-Message-State: APjAAAUPGL61/bpV49J3gGMrZiPVkl+raeL2T6jJcV6RWKAh1rkWDi5k KdsFYmPJ3fOU7Wy5VmgBqeJkWVxeD9qBEv0wp80=
X-Google-Smtp-Source: APXvYqyjnBzS2yQSRMcU8bWhwV2QLt3shR+5HaTLbjy0BMDybj+GMwA/+ad3oDBEwRcRTYadxcKtMpTf9fK9f3jxAnE=
X-Received: by 2002:aca:43d5:: with SMTP id q204mr838602oia.100.1556140551442; Wed, 24 Apr 2019 14:15:51 -0700 (PDT)
MIME-Version: 1.0
References: <> <20190422190302.GA3137@localhost> <> <> <> <> <> <> <> <>
In-Reply-To: <>
From: Phillip Hallam-Baker <>
Date: Wed, 24 Apr 2019 17:15:41 -0400
Message-ID: <>
To: Ben Laurie <>
Cc: Ben Laurie <>,, IETF SAAG <>
Content-Type: multipart/alternative; boundary="000000000000ca1a1b05874d349e"
Archived-At: <>
Subject: Re: [Secdispatch] [saag] The Mathematical Mesh
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 24 Apr 2019 21:15:54 -0000

On Wed, Apr 24, 2019 at 2:01 PM Ben Laurie <> wrote:

> On Wed, 24 Apr 2019 at 18:49, Phillip Hallam-Baker <>
> wrote:
>> The reason that the World Wide Web exists at all is that Tim Berners-Lee
>> ignored the sage advice of the hypertext community that referential
>> transparency was essential and pressed ahead with 'scruffy links'. Nobody
>> did usability testing to decide whether the gopher or Web UI was the
>> approach to follow until long after we knew the answer.
> This is a clear case of survivorship bias. The users did the usability
> testing. WWW survived (despite being technically terrible in many ways),
> the competitors did not.

The Web had 100 users in the fall of 1992 when it was first demonstrated in
public. There were at least two dozen competing network hypertext systems,
most of which were far better financed than the Web which had two full time
staff at the time.

Nine months later the Web had over a million users and it was game over for
every other network hypertext scheme apart from Acrobat which had already
begun merging itself with the Web to survive.

There was rather more than survivor bias at work there. One of the biggest
differences between the Web and everything else was that Eric Binna paid
immense attention to the quality of his software distributions. He provided
binary distributions for a start and the code compiled from source.

We paid a great deal of attention to usability but we never had the
resources to test any of it. There was never a testing lab at CERN for a
start. Or at NCSA as far as I am aware. Come to think of it, when VeriSign
acquired the old Netscape HQ, I pushed for the construction of a usability
lab. Which means that there wasn't one in the building when we moved in.

Right now, I have no means of knowing if an email from my bank is actually
>> an email from my bank or not. And that should be considered a problem. The
>> problem I have with discussions of usability is that the argument is made
>> that because we might not be able to serve every user we should just give
>> up and never try to change anything.
> Well, the problem I have with discussions of usability is the argument is
> made that we should leave that until all the tech is figured out, or that
> we don't need to bother because the thing is obviously better. Going from
> .1% to 1% is clearly an improvement, but it is not a solution.

Like I said, I am more than happy to accept input on how to do UI better.
But I am not going to be blocked on those resources. At this point I have
one employee and a seven figure budget. To start thinking about UI testing
I need to have more developers and a bigger budget.

> BTW, my original question was not about QR codes (though I have my doubts
> about those), but about this assertion about usability: "Otherwise, there
> are many existing protocols that make comparison of 15-30 character base 32
> encoded strings as the basis for mutual authentication and these have
> proved effective and acceptable."

I have entered product activation keys and lived. Adobe managed to sell
software with that requirements for decades. So they are not a show stopper
for at least some part of the audience. I am requiring only comparison of
two codes, not entry.

I accept that this is not the ideal approach and in the spec I suggest
using BASE32K encoding based on dictionaries of words or images. Since the
connection mechanism only requires comparison for equality, we don't have
to be restricted to something that can be entered on a keyboard. Images
would be the ideal of course because they can be language independent. 'Are
these nine pictures the same' is a pretty easy question to answer. The work
factor for the UDF approach would be (9*15)-8 = 127. 2^127 is sufficient
for most purposes. Comparing nine pictures for equality is relatively

I haven't gone into this in detail as yet, but my rough strategy for
managing the dictionaries is to

1) Sort the entries into a canonical sort order
2) Form a Merkle tree of the result.
3) Publish the apex of the tree in some tamper-proof fashion.

This avoids the need to store the entire dictionary on every device which
is important even for unconstrained devices. The image dictionary is going
to be huge and word dictionaries have to be customized to the user's

It has not escaped my notice that I could use this as a funding mechanism
for the Mesh itself. The million dollar image dictionary. Companies could
pay to contribute images to the corpus, part of which could be reserved for
advertising. If the system was used a million times a day, $1 would buy
nine exposures of the image per day in perpetuity. Or until someone decided
to do an advert-free version.