On 7/3/25 6:16 PM, Alex Buie wrote:
On Thu, Jul 3, 2025 at 8:12 PM Michael Thomas via NANOG <nanog@lists.nanog.org> wrote:
. >> So by all means, let's get rid of TLS as well. ::eyeroll:: >> >> Mike >> >> > I'm not saying to get rid of any of these things. I'm just saying expecting > them to replace user training in critical thinking is foolish, and overall, > the point Rich made makes sense. If you tell people "as long as you check > these things you can trust it" they are way more likely to believe > something unbelievable if it has all those "you can trust me" flags.
Good thing nobody thought that it's a substitute. Making incremental improvements don't have to be viewed as, uh, cure-alls. That would be, uh, foolish.
Mike
_______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/4FPNUYKZ...
I agree with you they are not a substitute and that is foolish. There are many who come to say they have the one and final true solution to spam and email auth though. My argument is anything purporting to do so is attempting to critically think for the user.
While the incremental improvement to auth is good, one could argue the user experience implementing is not, as I think Rich is saying, and I agree. We are training people to only check for and believe the machine signal which can sometimes be “truthfully false” as in the case of email credential compromise and trademark impersonation.
The idea is to train people that something might be wrong. Not that something is right. He's wrong if he thinks that is what the intent was. That would be bad read of history. Mike