On 7/3/25 6:16 PM, Alex Buie wrote:
On Thu, Jul 3, 2025 at 8:12 PM Michael Thomas via NANOG
<[email protected]> wrote:
.
>> So by all means, let's get rid of TLS as well. ::eyeroll::
>>
>> Mike
>>
>>
> I'm not saying to get rid of any of these things. I'm just
saying expecting
> them to replace user training in critical thinking is foolish,
and overall,
> the point Rich made makes sense. If you tell people "as long as
you check
> these things you can trust it" they are way more likely to believe
> something unbelievable if it has all those "you can trust me" flags.
Good thing nobody thought that it's a substitute. Making incremental
improvements don't have to be viewed as, uh, cure-alls. That would
be,
uh, foolish.
Mike
_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/[email protected]/message/4FPNUYKZPDZELNK3XY5KWBH6HY7X4RK5/
I agree with you they are not a substitute and that is foolish. There
are many who come to say they have the one and final true solution to
spam and email auth though. My argument is anything purporting to do
so is attempting to critically think for the user.
While the incremental improvement to auth is good, one could argue the
user experience implementing is not, as I think Rich is saying, and I
agree. We are training people to only check for and believe the
machine signal which can sometimes be “truthfully false” as in the
case of email credential compromise and trademark impersonation.
The idea is to train people that something might be wrong. Not that
something is right. He's wrong if he thinks that is what the intent was.
That would be bad read of history.
Mike
_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/[email protected]/message/7UWD2DOBK2EOECTHVWXBXYDDOIZ3WELJ/
