[3302] in WWW Security List Archive
New list?
daemon@ATHENA.MIT.EDU (hallam@ai.mit.edu)
Sat Oct 19 16:34:22 1996
From: hallam@ai.mit.edu
To: www-security@ns2.rutgers.edu
Cc: hallam@ai.mit.edu
Date: Sat, 19 Oct 96 14:34:59 -0400
Errors-To: owner-www-security@ns2.rutgers.edu
Does anyone feel like its time to move to creating a new list. This
one seems to be past it. I suggest a new list for discussion of the
following topics :-
1) How to secure a site (Intranet) connected to the Internet
This would not be restricted to discussion of firewalls since
the treat that firewalls were originally designed to meet
was to prevent information leaking _out_ of the company
rather than prevent trojan horses etc from comming in.
I'm quite involved with router and bridge level filtering
these days.
2) Safe content types to allow into an Intranet
Is postscript a risk? Is Java safe? How to block these content
types.
3) Announcements of conferences etc
4) Configuration of various products, discovery of security weaknesses.
e.g. NCSA server bugs, Netscape crypto foul ups, WNT
vulnerabilities.
5) Experience of using certification technologies
6) Case studies of attacks against sites.
7) Warnings of attacks in progress (e.g. SYN, mailflood etc).
8) Announcement of new directions in cryptography.
Off topic :-
1) Discussion of particular viruses, particularly Windows 3.1 and
MAC. Its a tedious issue for which the only solution is to
move to a more competent operating system.
2) Crypto politics discussion.
Been on the net more than a month? You probably know the
arguments backwards. More talk will do little to change things.
Annoncements of developments _might_ be appropriate.
Overall I would see the "research" angle as being mainly requirements
capture rather than discussion of security protocol development
I would like the list to mark an advance on the traditional mailing
list idea. Joining the list would require Web access. There would be
an online FAQ and resource list. The list would comprise a "digest"
sumarising the latest developments and accompanying "chat".
As an attempt to increase the signal/noise ratio the idea would be
to orient the list arround the development of a collection of
"living documents". These would include the FAQ, resource lists
etc.
What I am proposing is something that is more like a cooperative
publishing house/litterary circle than simply a correspondence
society.
Phill
