J D Falk wrote:
Dave Crocker wrote:
The SSP specification needs to remove all references to end-users,
human factors, or the like and it needs to remove all consideration of
them from its design.
Absent that removal, the working group needs to develop an empirical
basis for specific human factors assertions that drive the design and
demonstrate working group consensus that these assertions are valid as
well as necessary to the use of SSP.
There's still a lot of experimenting to do before we'll be able to call
any authentication-related user interface element a "best" practice.
Those experiments can't occur until DKIM (and probably SSP) has wider
I strongly disagree. Many IETF protocol specifications have the user
interface in mind from the get go. This is particularly true in mail.
Take the simple construct of the Subject: line. It is there because
users need a summary of an email, and it is the semantic equivalent of
RE: on a letter. Netnews is the same way with the Newsgroups:
construct. That is there because users are interested in specific bits
of information. No human factors experts were involved in the creation
of Email or Netnews protocols. I know. I was there for the latter. SSP
does NOT tell applications what to display or how to display
information, but rather makes basic observations and conclusions about
behavior of users and spammers that we see today. That is: users look
at From lines and spammers and phishers try to fake them. Anyone
DISAGREE with that assertion?
NOTE WELL: This list operates according to