[67306] in North American Network Operators' Group
Re: Stopping open proxies and open relays
daemon@ATHENA.MIT.EDU (Petri Helenius)
Sat Feb 7 13:28:50 2004
Date: Sat, 07 Feb 2004 20:27:11 +0200
From: Petri Helenius <pete@he.iki.fi>
To: Valdis.Kletnieks@vt.edu
Cc: =?ISO-8859-1?Q?Gu=F0bj=F6rn_Hreinsson?= <gsh@centrum.is>,
nanog@merit.edu
In-Reply-To: <200402071742.i17Hgtgq023504@turing-police.cc.vt.edu>
Errors-To: owner-nanog-outgoing@merit.edu
Valdis.Kletnieks@vt.edu wrote:
>I wouldn't recommend trying to expand it to "prohibit making and selling
>computers that are insecure", since no computer is 100% secure, and there's
>no objective "secure enough" standard - closest you will get there is
>probably Dell's offer to ship machines pre-hardened to Center for Internet
>Security guidelines.
>
>
>
>
It would help if systems would only execute code that is signed
properly. This would make malware traceable. However the current way of
getting your code signed is in many cases too costly for the casual open
source developer so people are used to running unsigned or selfsigned
application even when the facilities to check signatures would already
exist in the system. (though for example in Windows, signatures are only
checked at install, not runtime)
Pete
