[Web-bot-auth] Re: WebBotAuth Direction
Watson Ladd <watsonbladd@gmail.com> Thu, 21 May 2026 12:31 UTC
Return-Path: <watsonbladd@gmail.com>
X-Original-To: web-bot-auth@mail2.ietf.org
Delivered-To: web-bot-auth@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 47BDAF262F82 for <web-bot-auth@mail2.ietf.org>; Thu, 21 May 2026 05:31:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1779366687; bh=3Aa4Uqvvni5l8qOP704VitG9xsqYLMmHf5t0NxvKGUw=; h=References:In-Reply-To:From:Date:Subject:To:Cc; b=QOH8cU+xbua/oWdYzCdCqaXMKcwteldG/N58iFzQRIZnUSicHhMCNCm8NSSKab02x Lgjt0LHmi1arHFhxI+rNSNjlhzE5Ta2A9xtUJKwW991BfEG9ZZrMwz0RctWFTL33L6 qmafTRJ1SDN9fl+YEaUaAQIZ6OKSptcIHCZWnEIU=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F_JBgD1AML_F for <web-bot-auth@mail2.ietf.org>; Thu, 21 May 2026 05:31:25 -0700 (PDT)
Received: from mail-wm1-x336.google.com (mail-wm1-x336.google.com [IPv6:2a00:1450:4864:20::336]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id E5699F262F71 for <web-bot-auth@ietf.org>; Thu, 21 May 2026 05:31:25 -0700 (PDT)
Received: by mail-wm1-x336.google.com with SMTP id 5b1f17b1804b1-490229aa522so26748085e9.3 for <web-bot-auth@ietf.org>; Thu, 21 May 2026 05:31:25 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1779366678; cv=none; d=google.com; s=arc-20240605; b=kUywwF8gTot6op9qW2N9V6K1Tl7K/UTSM81iVyYihbzAtlzg7bjw0yFkYN6ElV1cZp c1yfmnRgUpHYDbh8uF+9gOx64Qh0dbjG1hxzySH32XvGAik6I/AjIDdSUxaswfKZcPkl l/1JklaHtpj0QQyVbDY9k/7qVtA01cRx/EwKUnGn0lvwVP6pcG7A254/ExcYGzGF2HUF wgl37PLAZZVDtZtnkP9phpuNhkxUYE+WgfDkU9oGWT4DL4yjHBZHi0/2N/kjP8NQC9so QR3F2aPwRSCnWhq6XJoZxMQNJz0/MqX4jmen8V2AbKjVhr7NZYHKac5EIbqU/nLZYsi4 l3iw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=3Aa4Uqvvni5l8qOP704VitG9xsqYLMmHf5t0NxvKGUw=; fh=AY+QXPs2cdL9SQMF5gYZaER85Hw7kZ02MeFC/CkSUvk=; b=Y9bDPCYXxg+yI+g6MLIFzliaquvrcRZ+lsZ1nTQsK0jna3jqtWTBix3d4ygI2HwBtT 9I3klbeE2v9HLk2naEcMmJM9t51N9yP2QkYelFDkn+Wylkt3RZ8isRpYx4arZOKohcfN fRCj1uyzOAR8JppCZYlYPChheFmCQ+z/SuR7QC3Ef8nw0ljpd6kh3cY2B3Wx7v5Rnzs6 mMbNl3M0kKwm4iDFZXk9OG/366NaXJwXSlm+xREw4rN3AVG8rdGzQg4VGDC4FN5pqOTK NvNmVpuO+loiCeK6tKnvtIJmyLqAIexj5T9gaJUzOuoGtkJuWiBafuVXObLG50y5BaE0 8UBA==; darn=ietf.org
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1779366678; x=1779971478; darn=ietf.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=3Aa4Uqvvni5l8qOP704VitG9xsqYLMmHf5t0NxvKGUw=; b=eXjP+wSAGN811JbUJIjl4IXkCjBsO5bE+eFKokaz9Xp9AzSspv6Jf0u5CKXK3bWDNj FdKZVYo8+k7XC0PGFkhurAp0uc/1N6K7lkp1iTotytI0zjdbCwktuQnfgEkz4OqN8aW6 q0UR1843wbXQ/muRYBhqJ1OOXdal+/Sknxk2/rJwdvs1HjH4EPDeyiQrVyiF0E4CCRNu RqnbfaDYXQ7h2EKKUXUGGrU0Ynr4R8Ed95u2vUyhNezGskimi+bRy0EiTwLKAvq7xcxf ZA5/ILyNG/2AMGw/H9Zok2vVEIcMwin7qGOOYS9JeIHEbxsvHDRWxOBGL/R/rRsmxijy kaFg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1779366678; x=1779971478; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=3Aa4Uqvvni5l8qOP704VitG9xsqYLMmHf5t0NxvKGUw=; b=pNhbc0pNgfcyIc1+HYSYzxw6+c5aMRQfPwCHXnHaDjT7D64PSZqxCUP0G/KaVtVfiF 9N2ag1luhvMwJXfefGr/bIERPQ10ir/u6QqJza022fMPEGFGKMopQ3QBRkbxp7VH3G6u K6PpNKyIWhQeg7kyLmJYACYHDrLJoi6Z5ur2JxWI0iZLmz1SehyZdZu49QV3sx5OxT0w 1LZzoM1rvK1qIsfpOS0qUwiAGOq0PFhlSFKoTqmC0YYB+GCeTSnbqfPnIgCuA28P1XHe PTN+6s2+cp1SolzAUEe92o26mFZZ6JHdPyAe1CNvX+ESqn31roNAl645NvOwbhUxGZfp shLA==
X-Forwarded-Encrypted: i=1; AFNElJ80qP5/DwHsqt/SULGHTda+gl2o69CsMFcpwyCVvwr1iD+uV7qsoGP0qV4G3Gt6rl1Xzy4h0FfZ1LB/jxY=@ietf.org
X-Gm-Message-State: AOJu0YyT8uHx0hjVFS11zLGhCcLpJfPVx8lVpspuNJGK8asSGSf+6neR cp3Tfil/x687PyLdmwGAGn0jYynu7Fh4FnrcUl2oc1d0QA+fz48iarD0fVTxa/BjgAo3RpFdPBl L2JRccoAf60GNfDSzqAqY4FiFakokUtk=
X-Gm-Gg: Acq92OHfnbTcSxMds1yub7I7Ju8VMEkNdFHZMpPdjWXlrOfNINUPnkHjAz2SoS9iLRa GnPj3KgCujhtT7nqDH5S0K3FSlulG8HMSUowhpqr8iavvVlGfm1t+XG6So4eVl29GusvbI1NZj9 f8Qu/QrgIOODOYpaLk4ZkfUU/NEjxzLc5Kv3SHS5Z1t6J3ftpI5BnU7VHjetgsxkgG32l3/KtSN AbZ51BZPZdtgfmSouJ3zOrmd+1omtbDi0uOEAFAHCfBioGdzv40uMLiHAWiEftRvKAFxiliOPVp JcWMJJyCDnufa8BUYJZ2uz734BHcn61gf4jrS3SwrY8v1vBLNreoPn4RQPT79NdTkPXXrC0Tin2 Px6DRi1NhGb4bDfiM3oY7shkuINPddX5oIcoGqjjsYC2UheaetpRtDqWt
X-Received: by 2002:a05:600c:c08b:b0:48a:557e:6b4f with SMTP id 5b1f17b1804b1-490360ca05emr31373705e9.23.1779366678331; Thu, 21 May 2026 05:31:18 -0700 (PDT)
MIME-Version: 1.0
References: <CADNypP_iOUp6K90V4a=WcDOhqpG5yUv+VXh_jOwtLhEJf7s4jA@mail.gmail.com> <4BC241F8-8E3E-4CAE-B381-A0017E4C27F6@mnot.net> <2B1B950A-9FE2-4037-B5F1-11D1B4F25571@skgo.org> <CAGJaBrD27ZUxXBP4z_q22w=08yRRs9ABMjcTTWsAwa6J4gP95g@mail.gmail.com> <CAMzqgozP8chRZHgjJGevYWDfP5C=Ewc8mZUDCeEreEmJGtvomg@mail.gmail.com> <CAP5QTG7=Z_b1vgmKd6+iQk-+QNfKhZM3_q8wV4FTHepsQhYRvQ@mail.gmail.com> <DBBPR01MB1065104F6FE6CD00A9A747C0195002@DBBPR01MB10651.eurprd01.prod.exchangelabs.com> <CACsn0cmLHM2jAw2M20ekGeQ+T68HuhuxHkexBcqde-3P_BWtFg@mail.gmail.com> <F4BD282F-7201-4C3A-97F9-6816EE5E512B@litzki-systems.com>
In-Reply-To: <F4BD282F-7201-4C3A-97F9-6816EE5E512B@litzki-systems.com>
From: Watson Ladd <watsonbladd@gmail.com>
Date: Thu, 21 May 2026 08:31:06 -0400
X-Gm-Features: AVHnY4KI6BHkhLdM1C8URgJpMmhVGHPW3gnm9fquEpj6-3J7sp0th6eZY0bVymo
Message-ID: <CACsn0cnG2SMkucOBv7odnWZ9CXaKWOgG37E=L_wS6_UuK0SP6Q@mail.gmail.com>
To: info@litzki-systems.com
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: ECMI7SZOO3BMA2EROSEXPDHISUI6Q3JI
X-Message-ID-Hash: ECMI7SZOO3BMA2EROSEXPDHISUI6Q3JI
X-MailFrom: watsonbladd@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Srecko Jovancevic <Srecko.Jovancevic@skgo.org>, Brent Zundel <brent.zundel@yubico.com>, Orie <orie@or13.io>, Sarah McKenna <sarah.mckenna=40sequentum.com@dmarc.ietf.org>, Mark Nottingham <mnot=40mnot.net@dmarc.ietf.org>, Rifaat Shekh-Yusef <rifaat.s.ietf@gmail.com>, "web-bot-auth@ietf.org" <web-bot-auth@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Web-bot-auth] Re: WebBotAuth Direction
List-Id: Authentication of non-human users to human-oriented Web sites <web-bot-auth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/web-bot-auth/Dqo45FOleBeYWEIU6546JQwnU80>
List-Archive: <https://mailarchive.ietf.org/arch/browse/web-bot-auth>
List-Help: <mailto:web-bot-auth-request@ietf.org?subject=help>
List-Owner: <mailto:web-bot-auth-owner@ietf.org>
List-Post: <mailto:web-bot-auth@ietf.org>
List-Subscribe: <mailto:web-bot-auth-join@ietf.org>
List-Unsubscribe: <mailto:web-bot-auth-leave@ietf.org>
On Wed, May 20, 2026 at 5:06 PM <info@litzki-systems.com> wrote: > > Hi Watson, > > The argument holds. A browser-wrapped bot is, at the transport layer, identical to a human browser. Behavioral heuristics cause collateral damage to legitimate users before they catch a sophisticated bot. That is a structural property of the open web, not an implementation gap. To be clear I am not asking about heuristics today. I am asking about how we define abuse: is it determined by what kind of automation is being used (I don't type HTTP GET / myself!), or is it the kinds of interactions (spammy comments, price scraping, trying logins) that both humans and bots can perform, but bots have an economic advantage in doing? To my mind this is very important for assessing the viability of reputation based systems (more to come in Vienna) vs. attestation based. Sincerely, Watson > > The same analysis points to where attestation does work: closed, cooperative ecosystems where it is a hard entry condition. The attack surface disappears by design. Protocol engineering delivers there. > > I submitted draft-litzki-sovp-00 to DISPATCH last week. It addresses one specific layer: verifying that a domain owner's signed machine-readable declaration remains intact between signing and agent ingestion. It operates before ingestion begins, orthogonal to agent identity (WIMSE) and source certification (draft-bondar-wca). > > The enterprise-ecosystem framing in this thread maps directly onto that layer. > > Draft: https://datatracker.ietf.org/doc/draft-litzki-sovp/ > > > Best regards > > Thorsten Litzki > Inventor, Sovereign Validation Protocol > > LITZKI SYSTEMS LLC > Web // LinkedIn > > > > Am 19.05.2026 um 09:27 schrieb Watson Ladd <watsonbladd@gmail.com>: > > I think that argument proves too much. The issue is not that bot traffic doesn't look human. Rather it's that there are classes of interaction that are malicious, and until recently automation (which after all humans start!) was a proxy for that actual behavioral difference. > _______________________________________________ > Web-bot-auth mailing list -- web-bot-auth@ietf.org > To unsubscribe send an email to web-bot-auth-leave@ietf.org > > -- Astra mortemque praestare gradatim
- [Web-bot-auth] WebBotAuth Direction Rifaat Shekh-Yusef
- [Web-bot-auth] Re: WebBotAuth Direction Julian Norton
- [Web-bot-auth] Re: WebBotAuth Direction Watson Ladd
- [Web-bot-auth] Re: WebBotAuth Direction Dellaert, Philippe
- [Web-bot-auth] Re: WebBotAuth Direction Sarah McKenna
- [Web-bot-auth] Re: WebBotAuth Direction Bobbie Chen
- [Web-bot-auth] Re: WebBotAuth Direction Thibault Meunier
- [Web-bot-auth] Re: WebBotAuth Direction Jo Levy
- [Web-bot-auth] Re: WebBotAuth Direction Yaroslav Rosomakho
- [Web-bot-auth] Re: WebBotAuth Direction Dick Hardt
- [Web-bot-auth] Re: WebBotAuth Direction Rifaat Shekh-Yusef
- [Web-bot-auth] Re: WebBotAuth Direction Sam Schlesinger
- [Web-bot-auth] Re: WebBotAuth Direction Srecko Jovancevic
- [Web-bot-auth] Re: WebBotAuth Direction Eric Trouton
- [Web-bot-auth] Re: WebBotAuth Direction Srecko Jovancevic
- [Web-bot-auth] Re: WebBotAuth Direction Rony Shalit
- [Web-bot-auth] Re: WebBotAuth Direction Mirja Kuehlewind (IETF)
- [Web-bot-auth] Re: WebBotAuth Direction Srecko Jovancevic
- [Web-bot-auth] Re: WebBotAuth Direction Eric Rescorla
- [Web-bot-auth] Re: WebBotAuth Direction Srecko Jovancevic
- [Web-bot-auth] Re: WebBotAuth Direction Eric Rescorla
- [Web-bot-auth] Re: WebBotAuth Direction Pablo Gonzalez
- [Web-bot-auth] Re: WebBotAuth Direction Srecko Jovancevic
- [Web-bot-auth] Re: WebBotAuth Direction Srecko Jovancevic
- [Web-bot-auth] Re: WebBotAuth Direction Dick Hardt
- [Web-bot-auth] Re: WebBotAuth Direction Nina Klee
- [Web-bot-auth] Re: WebBotAuth Direction Srecko Jovancevic
- [Web-bot-auth] Re: WebBotAuth Direction Mark Nottingham
- [Web-bot-auth] Re: WebBotAuth Direction Sarah McKenna
- [Web-bot-auth] Re: WebBotAuth Direction Orie
- [Web-bot-auth] Re: WebBotAuth Direction Rifaat Shekh-Yusef
- [Web-bot-auth] Re: WebBotAuth Direction Brent Zundel
- [Web-bot-auth] Re: WebBotAuth Direction Farzaneh Badiei
- [Web-bot-auth] Re: WebBotAuth Direction Srecko Jovancevic
- [Web-bot-auth] Re: WebBotAuth Direction Watson Ladd
- [Web-bot-auth] Re: WebBotAuth Direction Srecko Jovancevic
- [Web-bot-auth] Re: WebBotAuth Direction Watson Ladd
- [Web-bot-auth] Re: WebBotAuth Direction Srecko Jovancevic
- [Web-bot-auth] Re: WebBotAuth Direction Rifaat Shekh-Yusef
- [Web-bot-auth] Re: WebBotAuth Direction Srecko Jovancevic
- [Web-bot-auth] Re: WebBotAuth Direction Srecko Jovancevic
- [Web-bot-auth] Re: WebBotAuth Direction Watson Ladd