[discuss] Who is responsible for security
nashton at ccianet.org
Fri Jan 17 05:22:03 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Security in its various guises is THE policy subject with respect to the Internet. Therefore, it cannot be divorced from IG and if you try policymakers will write you (you in this instance being whatever part of the Internet policy community tries to suggest it isn't an IG issue) out of the equation.
There seems to be a strain of thought that issues of technical governance / management can be divorced from the broader issues driving Internet policy. This is just not true, nor has it been for some time.
Roland Perry <roland at internetpolicyagency.com> wrote:
>In message <52D82E2D.2080806 at gmail.com>, at 08:08:29 on Fri, 17 Jan
>2014, Brian E Carpenter <brian.e.carpenter at gmail.com> writes
>>Since most of the security exposures popularly blamed on the
>>Internet are actually due to weaknesses in the end systems, it's
>>especially important to remove most of this problem from the
This is simply not the case, or we wouldn't be taking about mass surveillance in the way that we are. This conception, with respect, became obsolete on week 1 of the Snowden disclosures.
>The 'popular' weaknesses are more to do with a lack of built-in
>authentication in the core. With apologies for introducing spam again,
>Open Relays are a classic example.
And there are many more, such as plaintext exchanges of email between mail servers that have not implemented SSL/TTLS/etc.
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
-----BEGIN PGP SIGNATURE-----
Version: APG v1.0.9
-----END PGP SIGNATURE-----
More information about the discuss