On 2/5/2024 1:56 PM, Jim Fenton wrote:
nd you will also provide citations to refereed research about what you just
asserted as well, yes?
Ahh, you want me to prove the negative. That's not exactly how these
things go.
When someone says something works, the burden of documenting it is on them.
When someone says something does not work, it is sufficient to note that
we have some decades of efforts and no serious documentation of
efficacy. And a very large scale example of it /not/ working, as I noted.
Bottom line: Claiming that we just need to train users better is a way
of dodging any serious effort to deal with the topic. The nature of
human cognition, and the challenges of adequately encoding essential
security-related information that is effective for 90% of users(*) works
very aggressively against any claim that this is something that can
usefully be dealt with by user training.
d/
(*) When someone talks about 'average' users, one has left off (at
least) half the user population...
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
mast:@dcrocker@mastodon.social
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim