Re: [mailop] Displaying logos

2024-01-15 Thread Jaroslaw Rafa via mailop
On 15.01.2024 at 08:07:28, Sebastian Nielsen via mailop wrote:
> A better solution would otherwise be to make a BIMI extension to SMIME in
> that case, that will override the server BIMI in SMIME signed emails. 
> Where the BIMI logo becomes part of the SMIME certificate by a
> non-critical extension. (SHA512 hash + URL of BIMI logo)

That's probably the best idea, because BIMI will then become simply an
additional feature to something that is actually useful (S/MIME
certificate). This may also promote use of S/MIME for actual end-to-end
email authentication, which undoubtedly *is* the most reliable form of email
authentication, but is very rarely used today.

Going through all this process you have described just to get a
BIMI-validated logo seems still a waste of time and effort for me. We return
here to the original question: what is the actual added value that BIMI
gives?

For me it looks like a typical case of "solving a problem one has first
created themselves", ie. first we create another artificial barrier of entry
for someone wanting to operate own email server, that by itself gives little
to zero added value (the value does not justify the effort needed to set it
up), and then we try to find a solution to make that barrier of entry
"lower" and less obtrusive.

Instead of returning again and again to the question, is this barrier of
entry actually needed at all?

And a final remark regarding your draft: believe it or not, but there *are*
people in the world who want to run their own mail server, but do not use -
and do not want to use - smartphones. So, no NFC or QR code scanning.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] Displaying logos

2024-01-14 Thread Sebastian Nielsen via mailop
>>I do think it would be better to use a common key that could be used to 
>>verify multiple signed user images, this way only one DNS record would need 
>>to be published and the user's eMail address could be used as part of the 
>>verification, sort of like how OpenVPN does this (I'm sketchy on these 
>>details, but I'm pretty sure this can be done).

I think it cannot be done, as the certificate itself is published in the 
record, and tied to the image.
A better solution would otherwise be to make a BIMI extension to SMIME in that 
case, that will override the server BIMI in SMIME signed emails.
Where the BIMI logo becomes part of the SMIME certificate by a non-critical 
extension.
(SHA512 hash + URL of BIMI logo)

Outside of SMIME,
Having one key to sign multiple "images" could work by a header in the email 
containing the BIMI image url and signature, which is then linked to the BIMI 
certificate in the record.

And the signature is acquired by going to the CA and getting a signature - could 
work via an automated solution where each domain is given a BIMI public key 
purchased by the domain owner - this only requires domain validation like 
DNS-01. Then the individual users buy their own BIMI signature by submitting 
their passport scan, and the domain they wish to use.
If the CA recognizes the public certificate, they can sign for it. If it 
doesn't, it can't since the CA doesn't possess the private key.

Meaning the domain owner gets to decide which CA the users must use, and then 
the users acquire the signatures and submit them to domain owner, which then 
configures their email accounts.


>>Drawing a line would be arbitrary.  There are some families with large 
>>numbers of children (more than a dozen)
Agreed, but there, it works with 1 record per individual.
I think it works nice up to like about 15-20 users, then it becomes a burden.

And yes, each user would need their own BIMI certificate in that case, and then 
a selector is used to choose the right image at sending.
So there are only 2 designations:
Corporation --> one BIMI logo
Individual --> one BIMI face

For non-profits, corporation, government, military, edu, then today's 
"Corporation" BIMI will work well with the organization's logo. 


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
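
An added illustration, not taken from any post in this thread and not part of BIMI or any CA's product, of the shared-key idea discussed above: one domain signing key, whose public half could sit in a single DNS record, signs a per-user claim binding the mailbox, the logo URL and the logo's SHA-512. The `LogoClaim` structure, the `logo-claim-v1` label, the choice of Ed25519 and the sample addresses are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha512"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// LogoClaim is a hypothetical per-message header payload (not a BIMI field):
// it binds one mailbox to one logo URL and the SHA-512 of the logo bytes.
type LogoClaim struct {
	Mailbox    string
	LogoURL    string
	LogoSHA512 [sha512.Size]byte
	Signature  []byte // made with the domain's single signing key
}

var (
	ErrSender    = errors.New("claim was issued for a different mailbox")
	ErrSignature = errors.New("signature does not verify under the domain key")
	ErrLogo      = errors.New("fetched logo does not match the signed SHA-512")
)

// normalize compares mailboxes case-insensitively (an assumption of this sketch).
func normalize(addr string) string { return strings.ToLower(strings.TrimSpace(addr)) }

// signedBytes length-prefixes every field so that bytes cannot be moved from
// one field into the next without changing the signed message.
func signedBytes(mailbox, url string, digest [sha512.Size]byte) []byte {
	fields := [][]byte{[]byte("logo-claim-v1"), []byte(normalize(mailbox)), []byte(url), digest[:]}
	var out []byte
	for _, f := range fields {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		out = append(append(out, n[:]...), f...)
	}
	return out
}

// IssueClaim is run once per user by whoever holds the domain's private key.
func IssueClaim(priv ed25519.PrivateKey, mailbox, url string, logo []byte) LogoClaim {
	d := sha512.Sum512(logo)
	return LogoClaim{
		Mailbox:    mailbox,
		LogoURL:    url,
		LogoSHA512: d,
		Signature:  ed25519.Sign(priv, signedBytes(mailbox, url, d)),
	}
}

// VerifyClaim is the receiver's side: the same public key checks every user's
// claim, and the authenticated From address is part of what is verified.
func VerifyClaim(pub ed25519.PublicKey, c LogoClaim, from string, fetched []byte) error {
	if normalize(c.Mailbox) != normalize(from) {
		return ErrSender
	}
	if !ed25519.Verify(pub, signedBytes(c.Mailbox, c.LogoURL, c.LogoSHA512), c.Signature) {
		return ErrSignature
	}
	d := sha512.Sum512(fetched)
	if subtle.ConstantTimeCompare(d[:], c.LogoSHA512[:]) != 1 {
		return ErrLogo
	}
	return nil
}

// Scenarios runs the checks on constructed sample data and returns each result.
func Scenarios() (valid, otherSender, editedMailbox, otherLogo, otherKey error) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	strangerPub, _, _ := ed25519.GenerateKey(nil)
	logo := []byte(`<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>`) // constructed
	c := IssueClaim(priv, "alice@example.org", "https://example.org/logos/alice.svg", logo)

	valid = VerifyClaim(pub, c, "Alice@example.org", logo)
	otherSender = VerifyClaim(pub, c, "bob@example.org", logo) // claim reused by another mailbox
	edited := c
	edited.Mailbox = "bob@example.org" // mailbox field changed after signing
	editedMailbox = VerifyClaim(pub, edited, "bob@example.org", logo)
	otherLogo = VerifyClaim(pub, c, "alice@example.org", []byte("<svg/>")) // image at URL replaced
	otherKey = VerifyClaim(strangerPub, c, "alice@example.org", logo)     // wrong domain key
	return
}

func main() {
	v, s, e, l, k := Scenarios()
	fmt.Println(v, s, e, l, k)
}
```

Because the mailbox is inside the signed bytes, a single published key does not let one user's claim stand in for another's, and no per-user DNS record is exposed for harvesting.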


Re: [mailop] Displaying logos

2024-01-14 Thread Randolf Richardson, Postmaster via mailop
> I envision this being a system for individual domains, ergo non-corporate 
> domain owners.
> For domains with a few users, then it would require a DNS record per user yes.

That's interesting.  It is, of course, easy to automate the addition 
of DNS records, one per user, but then I suppose spammers might try 
to harvest those records to figure out which eMail accounts are on 
the system.

I do think it would be better to use a common key that could be used 
to verify multiple signed user images, this way only one DNS record 
would need to be published and the user's eMail address could be used 
as part of the verification, sort of like how OpenVPN does this (I'm 
sketchy on these details, but I'm pretty sure this can be done).

One of the big advantages of publishing just one record (or a few 
records representing different groups of users, such as by region, 
primary server, department, etc.) is DNS caching.

> For domains with many users, then it would be a corporation owning it, and 
> thus it would bear the logo for the corporation.

Drawing a line would be arbitrary.  There are some families with 
large numbers of children (more than a dozen) that could count for 
more users than the total staff at many small companies (e.g., less 
than 10 employees).  Add to that, non-profit organizations, which 
many people might be inclined to consider as a sort of middle-ground.

I think that an arbitrary number of people would make things more 
complicated than simply requiring a designation at the time of 
application, such as Family, Non-Profit, Corporation, Government, 
Military, Educational Institution, etc.

The best would probably be to just keep it simple with a separate 
"Individual" designation.

> -Original message-
> From: Randolf Richardson, Postmaster via mailop  
> Sent: 15 January 2024 02:46
> To: Mailop 
> Subject: Re: [mailop] Displaying logos
> 
>   Let's Encrypt style automation will be necessary with a large userbase, 
> and even with a small userbase it will be very helpful.
> 
>   How do you envision the DNS records being set up?  Should there be one 
> DNS record for each user, or a shared DNS record with some sort of a 
> cryptographic fingerprint that validates all users within the given domain?
> 
> > I have sent this to Digicert and Entrust in the hope of creating a simple 
> > certification BIMI process for individuals.
> > If this process becomes standardized, it could gain the same traction as 
> > Let's Encrypt and eventually become free.
> > 
> > Remember how StartSSL had cheap code signing and SSL wildcard certificates 
> > for individuals?
> > 
> > ***
> > I have a product suggestion, which is some sort of VMC / BIMI for 
> > individuals.
> > That could make use of a cheap and fully automated validation process, 
> > which could then have a very low price, as no human needs to be involved to 
> > verify an association, business or trade mark.
> > 
> > Here is my idea on how it could work:
> > 1: You go to the app store and download a specific app - "Digicert VMC for 
> > Individuals" or "Entrust VMC for Individuals", Or you both could 
> > collaborate on a joint app regardless of where the certificate is purchased.
> > 2: You scan a QR code on-screen.
> > 3: You scan your own passport or national ID card with your NFC scanner on 
> > phone.
> > 4: This will extract all data from the passport and validate it against the 
> > country signer certificate (ICAO certificate).
> > 5: Then the face picture is extracted from the passport/ID card, validated, 
> > and then put into a SVG converter.
> > 6: You then use sliders on-screen to control how the JPEG/JPEG2000->SVG 
> > conversion process behaves, to make the face picture look as good as 
> > possible. The sliders' maximum and minimum values must of course be limited 
> > to prevent individuals from producing images that are too vague to be a true 
> > identification, but on the other hand allow enough customization so very 
> > hairy, beardy or pimply people don't generate too huge SVG files and look 
> > good visually without too much SVG dithering.
> > 7: After you are satisfied with the picture, you complete the purchase, and 
> > then you are given the generated SVG picture and PEM certificate to use in 
> > the a= parameter of BIMI record.
> > 
> > Since the CA is responsible for generating the SVG in this case, the process 
> > can be completely and fully automated, which means the price can be very 
> > cheap or low, like let's say about 50EUR per certificate, which will 

Re: [mailop] Displaying logos

2024-01-14 Thread Sebastian Nielsen via mailop
I envision this being a system for individual domains, ergo non-corporate 
domain owners.
For domains with a few users, then it would require a DNS record per user yes.

For domains with many users, then it would be a corporation owning it, and thus 
it would bear the logo for the corporation.


-Original message-
From: Randolf Richardson, Postmaster via mailop  
Sent: 15 January 2024 02:46
To: Mailop 
Subject: Re: [mailop] Displaying logos

Let's Encrypt style automation will be necessary with a large userbase, 
and even with a small userbase it will be very helpful.

How do you envision the DNS records being set up?  Should there be one 
DNS record for each user, or a shared DNS record with some sort of a 
cryptographic fingerprint that validates all users within the given domain?

> I have sent this to Digicert and Entrust in the hope of creating a simple 
> certification BIMI process for individuals.
> If this process becomes standardized, it could gain the same traction as Let's 
> Encrypt and eventually become free.
> 
> Remember how StartSSL had cheap code signing and SSL wildcard certificates for 
> individuals?
> 
> ***
> I have a product suggestion, which is some sort of VMC / BIMI for individuals.
> That could make use of a cheap and fully automated validation process, which 
> could then have a very low price, as no human needs to be involved to verify 
> an association, business or trade mark.
> 
> Here is my idea on how it could work:
> 1: You go to the app store and download a specific app - "Digicert VMC for 
> Individuals" or "Entrust VMC for Individuals", Or you both could collaborate 
> on a joint app regardless of where the certificate is purchased.
> 2: You scan a QR code on-screen.
> 3: You scan your own passport or national ID card with your NFC scanner on 
> phone.
> 4: This will extract all data from the passport and validate it against the 
> country signer certificate (ICAO certificate).
> 5: Then the face picture is extracted from the passport/ID card, validated, 
> and then put into a SVG converter.
> 6: You then use sliders on-screen to control how the JPEG/JPEG2000->SVG 
> conversion process behaves, to make the face picture look as good as 
> possible. The sliders' maximum and minimum values must of course be limited to 
> prevent individuals from producing images that are too vague to be a true 
> identification, but on the other hand allow enough customization so very 
> hairy, beardy or pimply people don't generate too huge SVG files and look 
> good visually without too much SVG dithering.
> 7: After you are satisfied with the picture, you complete the purchase, and 
> then you are given the generated SVG picture and PEM certificate to use in 
> the a= parameter of BIMI record.
> 
> Since the CA is responsible for generating the SVG in this case, the process can 
> be completely and fully automated, which means the price can be very cheap or 
> low, like let's say about 50EUR per certificate, which will be valid until the 
> passport's or ID card's expiration time.
> Or let's say 20EUR per year, but maximum certificate length is until the 
> passport or ID card expires.
> By having the CA do the JPEG/JPEG2000 to SVG conversion based on the 
> electronic passport picture which is validated from ICAO signature, there's no 
> need for a face comparison process or biometric face identification, as the 
> process is sourced from the face picture; thus, it's not possible to cheat or 
> fake the process in any way.
> 
> In addition, SMIME certificates for individuals with full identity validation 
> could be provided in a similar fully automated way with the same form of NFC 
> scanning app.
> In this case, the data from passport is used to fill in all applicable fields 
> on a certificate.
> Since the data from passport is already signed by ICAO certificate, it's not 
> possible to cheat or fake the data in any way.
> ***
> 
> 
> Hopefully, a good process for both SMIME and BIMI could be created, which 
> requires no manual or human check, be fully automated, and pose no security 
> consequences for the email world.
> Since the validation data would be sourced from an instance that already is 
> vetted with an ICAO certificate, it could become a very secure solution, with 
> no risk of fraudulent certificates.


--
Postmaster - postmas...@inter-corporate.com Randolf Richardson, CNA - 
rand...@inter-corporate.com Inter-Corporate 

Re: [mailop] Displaying logos

2024-01-14 Thread Randolf Richardson, Postmaster via mailop
Let's Encrypt style automation will be necessary with a large 
userbase, and even with a small userbase it will be very helpful.

How do you envision the DNS records being set up?  Should there be 
one DNS record for each user, or a shared DNS record with some sort 
of a cryptographic fingerprint that validates all users within the 
given domain?

> I have sent this to Digicert and Entrust in the hope of creating a simple 
> certification BIMI process for individuals.
> If this process becomes standardized, it could gain the same traction as Let's 
> Encrypt and eventually become free.
> 
> Remember how StartSSL had cheap code signing and SSL wildcard certificates for 
> individuals?
> 
> ***
> I have a product suggestion, which is some sort of VMC / BIMI for individuals.
> That could make use of a cheap and fully automated validation process, which 
> could then have a very low price, as no human needs to be involved to verify 
> an association, business or trade mark.
> 
> Here is my idea on how it could work:
> 1: You go to the app store and download a specific app - "Digicert VMC for 
> Individuals" or "Entrust VMC for Individuals", Or you both could collaborate 
> on a joint app regardless of where the certificate is purchased.
> 2: You scan a QR code on-screen.
> 3: You scan your own passport or national ID card with your NFC scanner on 
> phone.
> 4: This will extract all data from the passport and validate it against the 
> country signer certificate (ICAO certificate).
> 5: Then the face picture is extracted from the passport/ID card, validated, 
> and then put into a SVG converter.
> 6: You then use sliders on-screen to control how the JPEG/JPEG2000->SVG 
> conversion process behaves, to make the face picture look as good as 
> possible. The sliders' maximum and minimum values must of course be limited to 
> prevent individuals from producing images that are too vague to be a true 
> identification, but on the other hand allow enough customization so very 
> hairy, beardy or pimply people don't generate too huge SVG files and look 
> good visually without too much SVG dithering.
> 7: After you are satisfied with the picture, you complete the purchase, and 
> then you are given the generated SVG picture and PEM certificate to use in 
> the a= parameter of BIMI record.
> 
> Since the CA is responsible for generating the SVG in this case, the process can 
> be completely and fully automated, which means the price can be very cheap or 
> low, like let's say about 50EUR per certificate, which will be valid until the 
> passport's or ID card's expiration time.
> Or let's say 20EUR per year, but maximum certificate length is until the 
> passport or ID card expires.
> By having the CA do the JPEG/JPEG2000 to SVG conversion based on the 
> electronic passport picture which is validated from ICAO signature, there's no 
> need for a face comparison process or biometric face identification, as the 
> process is sourced from the face picture; thus, it's not possible to cheat or 
> fake the process in any way.
> 
> In addition, SMIME certificates for individuals with full identity validation 
> could be provided in a similar fully automated way with the same form of NFC 
> scanning app.
> In this case, the data from passport is used to fill in all applicable fields 
> on a certificate.
> Since the data from passport is already signed by ICAO certificate, it's not 
> possible to cheat or fake the data in any way.
> ***
> 
> 
> Hopefully, a good process for both SMIME and BIMI could be created, which 
> requires no manual or human check, be fully automated, and pose no security 
> consequences for the email world.
> Since the validation data would be sourced from an instance that already is 
> vetted with an ICAO certificate, it could become a very secure solution, with 
> no risk of fraudulent certificates.


-- 
Postmaster - postmas...@inter-corporate.com
Randolf Richardson, CNA - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
https://www.inter-corporate.com/




Re: [mailop] Displaying logos

2024-01-14 Thread Sebastian Nielsen via mailop
I have sent this to Digicert and Entrust in the hope of creating a simple 
certification BIMI process for individuals.
If this process becomes standardized, it could gain the same traction as Let's 
Encrypt and eventually become free.

Remember how StartSSL had cheap code signing and SSL wildcard certificates for 
individuals?

***
I have a product suggestion, which is some sort of VMC / BIMI for individuals.
That could make use of a cheap and fully automated validation process, which 
could then have a very low price, as no human needs to be involved to verify an 
association, business or trade mark.

Here is my idea on how it could work:
1: You go to the app store and download a specific app – “Digicert VMC for 
Individuals” or “Entrust VMC for Individuals”, Or you both could collaborate on 
a joint app regardless of where the certificate is purchased.
2: You scan a QR code on-screen.
3: You scan your own passport or national ID card with your NFC scanner on 
phone.
4: This will extract all data from the passport and validate it against the 
country signer certificate (ICAO certificate).
5: Then the face picture is extracted from the passport/ID card, validated, and 
then put into a SVG converter.
6: You then use sliders on-screen to control how the JPEG/JPEG2000->SVG 
conversion process behaves, to make the face picture look as good as possible. 
The sliders' maximum and minimum values must of course be limited to prevent 
individuals from producing images that are too vague to be a true identification, 
but on the other hand allow enough customization so very hairy, beardy or 
pimply people don't generate too huge SVG files and look good visually 
without too much SVG dithering.
7: After you are satisfied with the picture, you complete the purchase, and 
then you are given the generated SVG picture and PEM certificate to use in the 
a= parameter of BIMI record.

Since the CA is responsible for generating the SVG in this case, the process can 
be completely and fully automated, which means the price can be very cheap or 
low, like let's say about 50€ per certificate, which will be valid until the 
passport's or ID card's expiration time.
Or let's say 20€ per year, but maximum certificate length is until the passport 
or ID card expires.
By having the CA do the JPEG/JPEG2000 to SVG conversion based on the electronic 
passport picture which is validated from ICAO signature, there's no need for a 
face comparison process or biometric face identification, as the process is 
sourced from the face picture; thus, it's not possible to cheat or fake the 
process in any way.

In addition, SMIME certificates for individuals with full identity validation 
could be provided in a similar fully automated way with the same form of NFC 
scanning app.
In this case, the data from passport is used to fill in all applicable fields 
on a certificate.
Since the data from passport is already signed by ICAO certificate, it's not 
possible to cheat or fake the data in any way.
***


Hopefully, a good process for both SMIME and BIMI could be created, which 
requires no manual or human check, be fully automated, and pose no security 
consequences for the email world.
Since the validation data would be sourced from an instance that already is 
vetted with an ICAO certificate, it could become a very secure solution, with no 
risk of fraudulent certificates.



Re: [mailop] Displaying logos

2024-01-14 Thread Jaroslaw Rafa via mailop
On 13.01.2024 at 16:58:27, John Levine via mailop wrote:
> 
> That's why it's not silly that BIMI tries only to show legit logos, even 
> though
> it makes it impractical for anyone other than largish organizations.

Which brings us back to my original point - which you now have confirmed -
that BIMI is not practically feasible, as you can't *force* MUA developers to
have *only* BIMI-validated logos displayed. In fact, quite the contrary is
very probable as I doubt that email apps that are already showing avatars
would give up on them in favor of displaying *only* BIMI logos.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."


Re: [mailop] Displaying logos

2024-01-14 Thread Randolf Richardson, Postmaster via mailop
> On Saturday 13/01/2024 at 3:59 pm, John Levine via mailop  wrote:
> > It appears that Randolf Richardson, Postmaster via mailop 
> >  said:
> >>
> >>>
> >>> It might work to put a gold border around checked logos and a 
> >>> black/red dashed
> >>> line around non-validated logos.
> >>
> >> That's actually a better solution than what I suggested.
> >
> > Extensive experience says that doesn't work. If you show something at
> > all, people will believe that it is real. And no amount of MAY BE
> > FORGED or DRAGONS WILL EAT YOU IF YOU CLICK HERE will make any
> > difference.
> 
> Why not go all-in on the multimedia experience?  Play ominous music 
> and issue a stern warning (e.g. Robbie the Robot) if the user attempts 
> to reply or select links.  Or play instructional videos by a selection 
> of popular influencers.

Hooray for YouTube and TikTok helping to keep the bad guys away!  8D

> Too bad the mail client can't generate odors or flavors or reach out 
> and poke users, in addition to sights and sounds.  All of which would 
> also be cryptographically signed.  Must be a lack of standards.

That smells like we're all going to need olfactory updates, and if 
Microsoft manages any of it they'll be installing at the worst 
possible times, such as while doing live presentations on stage; when 
the food on the stove is burning; when finally getting a Rhinoplasty 
operation in South Park, Colorado, USA; etc.  =(

-- 
Postmaster - postmas...@inter-corporate.com
Randolf Richardson, CNA - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
https://www.inter-corporate.com/




Re: [mailop] Displaying logos

2024-01-14 Thread Peter E. Fry via mailop

On Saturday 13/01/2024 at 3:59 pm, John Levine via mailop wrote:
> It appears that Randolf Richardson, Postmaster via mailop said:
>>> It might work to put a gold border around checked logos and a black/red dashed
>>> line around non-validated logos.
>>
>> That's actually a better solution than what I suggested.
>
> Extensive experience says that doesn't work. If you show something at
> all, people will believe that it is real. And no amount of MAY BE
> FORGED or DRAGONS WILL EAT YOU IF YOU CLICK HERE will make any
> difference.

Why not go all-in on the multimedia experience?  Play ominous music 
and issue a stern warning (e.g. Robbie the Robot) if the user attempts 
to reply or select links.  Or play instructional videos by a selection 
of popular influencers.

Too bad the mail client can't generate odors or flavors or reach out 
and poke users, in addition to sights and sounds.  All of which would 
also be cryptographically signed.  Must be a lack of standards.

[...]

Peter E. Fry


Re: [mailop] Displaying logos

2024-01-13 Thread John Levine via mailop
It appears that Randolf Richardson, Postmaster via mailop 
 said:
>> It might work to put a gold border around checked logos and a black/red 
>> dashed 
>> line around non-validated logos.
>
>   That's actually a better solution than what I suggested.

Extensive experience says that doesn't work. If you show something at
all, people will believe that it is real. And no amount of MAY BE
FORGED or DRAGONS WILL EAT YOU IF YOU CLICK HERE will make any
difference.

That's why it's not silly that BIMI tries only to show legit logos, even though
it makes it impractical for anyone other than largish organizations.

R's,
John


Re: [mailop] Displaying logos

2024-01-13 Thread Louis Laureys via mailop
Indicators can easily float about halfway outside the avatar shape. It would be
possible to approach something that looks a bit like it in the logo, but never
completely. Then there is the fact that this will differ per platform, you can
never make it look like all of them.

About borders: it would be quite easy to include a gold border in the logo. Now
you're asking your user to see if the gold border also has another color border
around it, it seems to have basically the same issue, while also being worse UX
wise in my opinion. I get what you mean about the potential for "faking"
indicators though, even if it wouldn't match exactly, it should be a concern for
anyone developing UI for this.



Regards,
Louis


On Saturday 13 January 2024 at 21:47, Randolf Richardson, Postmaster via
mailop wrote:

> > Robert L Mathews said:
> > > I hope nobody creates MUA features that show non-BIMI logos in the same space
> > > as BIMI logos (or that make it difficult for users to notice the difference,
> > > such as a tiny padlock superimposed on it sometimes).
> >
> > Superimposing something to indicate validity won't work. The bad guys can
> > just use a "logo" with that mark already installed.
> >
> > It might work to put a gold border around checked logos and a black/red dashed
> > line around non-validated logos.
> 
> That's actually a better solution than what I suggested.
> 
> > Another possibility would be to differentiate by size, shape, or location.
> 
> These options are less likely to work because each vendor will do
> things differently, various limitations emerge from different screen
> sizes, and some vendors keep changing their user interfaces (which
> drives some users absolutely bonkers to the point where they tend to
> become desensitized to user interface nuances).
> 
> Your first idea is much better.
> 
> --
> Postmaster - postmas...@inter-corporate.com
> Randolf Richardson, CNA - rand...@inter-corporate.com
> Inter-Corporate Computer & Network Services, Inc.
> Vancouver, British Columbia, Canada
> https://www.inter-corporate.com/


Re: [mailop] Displaying logos

2024-01-13 Thread Randolf Richardson, Postmaster via mailop
> Robert L Mathews said:
> > I hope nobody creates MUA features that show non-BIMI logos in the same 
> > space
> > as BIMI logos (or that make it difficult for users to notice the difference,
> > such as a tiny padlock superimposed on it sometimes). 
> 
> Superimposing something to indicate validity won't work.  The bad guys can 
> just use a "logo" with that mark already installed.
> 
> It might work to put a gold border around checked logos and a black/red 
> dashed 
> line around non-validated logos.

That's actually a better solution than what I suggested.

> Another possibility would be to differentiate by size, shape, or location.

These options are less likely to work because each vendor will do 
things differently, various limitations emerge from different screen 
sizes, and some vendors keep changing their user interfaces (which 
drives some users absolutely bonkers to the point where they tend to 
become desensitized to user interface nuances).

Your first idea is much better.

-- 
Postmaster - postmas...@inter-corporate.com
Randolf Richardson, CNA - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
https://www.inter-corporate.com/




[mailop] Displaying logos

2024-01-13 Thread Hal Murray via mailop

Robert L Mathews said:
> I hope nobody creates MUA features that show non-BIMI logos in the same space
> as BIMI logos (or that make it difficult for users to notice the difference,
> such as a tiny padlock superimposed on it sometimes). 

Superimposing something to indicate validity won't work.  The bad guys can 
just use a "logo" with that mark already installed.

It might work to put a gold border around checked logos and a black/red dashed 
line around non-validated logos.

Another possibility would be to differentiate by size, shape, or location.



-- 
These are my opinions.  I hate spam.


