[discuss] Who is responsible for security
Nick Ashton-Hart
nashton at ccianet.org
Fri Jan 17 05:22:03 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
+1 Roland
Security in its various guises is THE policy subject with respect to the Internet. Therefore, it cannot be divorced from IG and if you try policymakers will write you (you in this instance being whatever part of the Internet policy community tries to suggest it isn't an IG issue) out of the equation.
There seems to be a strain of thought that issues of technical governance / management can be divorced from the broader issues driving Internet policy. This is just not true, nor has it been for some time.
Inline responses
Roland Perry <roland at internetpolicyagency.com> wrote:
>In message <52D82E2D.2080806 at gmail.com>, at 08:08:29 on Fri, 17 Jan
>2014, Brian E Carpenter <brian.e.carpenter at gmail.com> writes
<snip>
>>Since most of the security exposures popularly blamed on the
>>Internet are actually due to weaknesses in the end systems, it's
>>especially important to remove most of this problem from the
>>Ig rubric.
This is simply not the case, or we wouldn't be taking about mass surveillance in the way that we are. This conception, with respect, became obsolete on week 1 of the Snowden disclosures.
>The 'popular' weaknesses are more to do with a lack of built-in
>authentication in the core. With apologies for introducing spam again,
>Open Relays are a classic example.
+1
And there are many more, such as plaintext exchanges of email between mail servers that have not implemented SSL/TTLS/etc.
- --
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
-----BEGIN PGP SIGNATURE-----
Version: APG v1.0.9
iQFEBAEBCgAuBQJS2L37JxxOaWNrIEFzaHRvbi1IYXJ0IDxuYXNodG9uQGNjaWFu
ZXQub3JnPgAKCRDGL9fGMqbWTQ71B/4lmJuOnmHQB/KjPeQMgoifM+rY75WTJC1E
EWNz8g4dirwqmCBzsp2RtjcdMpUr1DB23ZHM08IHtEoqo0lBz1TFaBQzHcCVB+PZ
QjGnUI3ilk5WSXF5SlRvdpFfn5ss1b1Bjo0qIyn1fwrrWfr9Uaz8n6vhlbaCZzyh
8lybjmhyc9esTgySuMX6gpv1NoOQ5xqYk53zY/btJlJ08kvrIGSwJ73EMP4sYxrJ
sNBhYvUc5hqnVbxDbbGZClJuCMUHgDGTif4IDhnAwpzomEza/oJiAYNNkcIM+dTX
9TFs5UhKCuBwOd6yJJ8YWWbJi32vAiZ0nHE3rhRnmZtjfs4g7lJa
=7YOw
-----END PGP SIGNATURE-----
More information about the discuss
mailing list