[Top] [All Lists]

Re: [ietf-smtp] [Shutup] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

2015-12-02 09:11:45
On 12/2/2015 5:50 AM, Ted Lemon wrote:
Wednesday, Dec 2, 2015 3:56 AM Paul Smith wrote:
The thing is that whatever you do to email, the weak link is always the 
human. Humans are the ones who respond to Nigerian princes, they're the 
ones who think it's OK to send their bank password by email to anyone who 
asks for it in an authoritative way, etc.

So, training HAS to be done, otherwise people will lose privacy.
Look, I'm really sorry to keep harping on this, because I know it's a bit off 
topic and probably annoying, but your model of how to do security for end 
users is simply wrong.   The way you prevent people from getting scammed is 
to by default not deliver email from people they don't know.   I realize this 
is anathema to a lot of email folks,

Absent hard data that shows efficacy, both of you are wrong.

At base, we don't know how to prevent folks from getting scammed, while
still allowing them to interact with the outside world.

Lots of people are sure they know the right answer here, but none of
them can document efficacy.  Worse, most of the ways people cite have
already been demonstrated to be inadequate or unachievable.

So yeah, this line of discussion is entirely out of scope.


Dave Crocker
Brandenburg InternetWorking

ietf-smtp mailing list

<Prev in Thread] Current Thread [Next in Thread>