On 1/20/2021 10:41 AM, Kjetil Torgrim Homme wrote:
On Tue, 2021-01-19 at 10:53 -0800, Ned Freed wrote:
But if you know that it's a reaction the UA can check for this sort
of thing and handle it appropriately. I note that handling is
unlikely to be to display the message as-is, so tricks like this are
unlikely to work all that well.
"appropriately" is too vague, IMHO. some guidance on how this should
be presented is called for, I think. otherwise this is no better than
the "me too" or "*rofl*" messages we already had.
Forgive me, but it is important that this specification NOT specify or
give substantial guidance about presentation choices.
Such choices are the purview of user experience / usability designers.
As a body, the IETF does not have expertise in that realm.
Further, there is no established body of experience in doing such
designs, within the context of email. Gaining experience in such
designs is a goal of this experiment.
That means that this specification for the underlying, enabling
mechanism, needs to leave UX designers free to try alternative methods
of handling this capability, to see which work better and which don't.
Of course it would be better if we were able to fully specify how all
this works down to the last detail.
No it really wouldn't.
The considerable history of the Internet's considerable success is,
rather, a lesson in specifying as little as is essential, rather than as
much as is possible. The result is to enable innovation.
Medium, OTOH, has a limit of 50 repeats. I've seen BBSes
that impose no limits whatsoever.
I think it is reasonable to restrict the number of emojis to a handful,
perhaps 2-3.
Why?
Is there an established pattern of excess? No.
Is there a danger to system operation? No.
Do we have a basis for deciding what the limit should be? No.
What will the damage be to the recipient? None.
I also question the need to worry all that much about traditional
spammers in these circumstances. Remember that for a reaction to be
valid it has to link to a previous valid message. So in order to do
this you need access to a valid previous message. In the case of
interpersonal mail this means having access to one of the mailvboxes
or the mail system, in which case you have much bigger things to
worry about than spoofed reactions.
that ties in to point 4 - the spammer can send an innocuous message,
and the actual attention grabbing text via reactions to their own
message.
Perhaps you can point to some empirical research that substantiates this
threat?
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
