[123998] in North American Network Operators' Group
Re: NSP-SEC - should read Integrity
daemon@ATHENA.MIT.EDU (Patrick W. Gilmore)
Fri Mar 19 10:13:32 2010
From: "Patrick W. Gilmore" <patrick@ianai.net>
In-Reply-To: <20100319135636.GA17876@vacation.karoshi.com.>
Date: Fri, 19 Mar 2010 10:12:58 -0400
To: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mar 19, 2010, at 9:56 AM, bmanning@vacation.karoshi.com wrote:
> On Fri, Mar 19, 2010 at 08:44:29AM -0500, William Pitcock wrote:
>> On Fri, 2010-03-19 at 08:31 -0500, John Kristoff wrote:
>>> An ongoing area of work is to build better closed,
>>> trusted communities without leaks.=20
>>=20
>> Have you ever considered that public transparency might not be a bad
>> thing? This seems to be the plight of many security people, that =
they
>> have to be 100% secretive in everything they do, which is total
>> bullshit.
> =09
> I thnk I'd settle for operators with Integrity. those who do =
what=20
> they say.=20
If we had that, no secrecy would be needed.
But anyone who thinks publishing everything we learn about the =
miscreants is a Good Idea, has never tried to take out a botnet or =
snow-shoe spammer or ....
Secrecy sucks. If you think those keeping secrets enjoy it[*], you just =
haven't been bored to tears by working one of these issues. Seriously, =
most of the work is mind numbingly horrible, and I have nothing but the =
utmost respect for people who do it on a regular basis. (In case it is =
not clear, I do not have to do it often, and for that I think whatever =
ghods there may be.)
Put another way: Do not dis those that make the Internet safer for you. =
They spend time, effort, and money - frequently their own - and risk =
much more (ever been sued by a spammer?). In return, they often get =
nothing. Before you question (and to be clear, I am not saying you =
should not question), offer to help and see things from their side.
--=20
TTFN,
patrick
[*] I'm sure there are a few who get off on the thrill. But that's the =
exception, not the rule.
