[17437] in cryptography@c2.net mail archive
Re: encrypted tapes
daemon@ATHENA.MIT.EDU (Florian Weimer)
Thu Jun 9 10:41:56 2005
X-Original-To: cryptography@metzdowd.com
From: Florian Weimer <fw@deneb.enyo.de>
To: lists@notatla.org.uk
Cc: perry@piermont.com, astiglic@okiok.com, ant@notatla.org.uk,
cryptography@metzdowd.com
Date: Thu, 09 Jun 2005 15:53:57 +0200
In-Reply-To: <42A7F67F.mail95011X9O5@notatla.org.uk> (lists@notatla.org.uk's
message of "Thu, 09 Jun 2005 08:57:51 +0100")

> - you must prove it before you can report it

I don't think this is a good policy in general. Often, it's more
cost-effective to fix a potential vulnerability than to investigate it
in detail, construct a proof that it's real, and fix it. This is
especially true in environments where changes can be deployed at
moderate cost. (I know that there are others.)

To sum it up, I think it's fine to report potential problems as well,
but they have to be labeled as such (so that they receive the right
priority).