Re: [ietf-smtp] [Shutup] Proposed Charter for the "SMTP Headers Unhealth

Wednesday, Dec 2, 2015 3:56 AM Paul Smith wrote:
> The thing is that whatever you do to email, the weak link is always the 
> human. Humans are the ones who respond to Nigerian princes, they're the ones 
> who think it's OK to send their bank password by email to anyone who asks for 
> it in an authoritative way, etc.
>
> So, training HAS to be done, otherwise people will lose privacy.
Look, I'm really sorry to keep harping on this, because I know it's a bit off 
topic and probably annoying, but your model of how to do security for end users 
is simply wrong.   The way you prevent people from getting scammed is to by 
default not deliver email from people they don't know.   I realize this is 
anathema to a lot of email folks, but that's why facebook is more popular than 
email now: facebook doesn't deliver spam from people you haven't friended.

The way you prevent people from getting their passwords ripped is to not give 
them passwords.   The tokbind working group is working this problem, and the 
solution they have is a good one, which we will undoubtedly see deployed in the 
future.   It's true that it's not available now, and the vulnerability that you 
cite does exist now.   This is a problem we need to solve, not an inevitable 
quality of online technology.   Security technology based on physical tokens is 
also getting better/more accessible.   It's worth noting that Nigerian scammers 
typically scam people who have actual cognitive deficits, not regular people.   
People aren't actually all equally gullible, and there are lots of people who 
are skeptical enough that they can benefit from privacy protections even in the 
absence of secure token binding and physical tokens.

> Of course, most people don't really care about privacy whatever they say 
> (witness all the personal information posted to Facebook/Twitter/etc) so it 
> doesn't matter that they can't be trained. The ones who do really care about 
> their privacy are the ones who will train themselves if the information is 
> available to them.
This doesn't reflect what people who actually study this issue are saying.   
People do care about privacy.   They just can't get it.   Even though they 
can't get it, they do take measures to get it to the extent that they can.   
It's true that not everybody does this, but it is not true that most people 
just don't care.   If you ask them "do you care about privacy," they might say 
no, but if for example you ask them "do you care if thieves know whether or not 
you are out of town," they will say yes.

So saying that because people don't care about privacy, we shouldn't try to 
protect their privacy, is wrong on two counts: first it's wrong that people 
don't care about privacy, and second it's wrong that we shouldn't try to 
protect people from threats of which they are not presently aware.


--
Sent from Whiteout Mail - https://whiteout.io

My PGP key: https://keys.whiteout.io/mellon(_at_)fugue(_dot_)com

pgpkPWPr6GV6A.pgp
Description: PGP signature

_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp