At 18:42 3/22/95, Bob Fillmore 992-2832 wrote:
>Eric Murray writes:
>
>> Dr. Frederick B. Cohen wrote:
>> >
>> > The real question is whether the good guys will get the release before
>> > the bad guys and how you tell them apart.
>
>> how would you be able to tell 'good sysadmin' from 'bad hacker'?
>
>Seems to me that there should be a secure way for an organization
>such as CERT to release a tool like this a month or two in advance
>to bona fide domain technical contacts, as registered by the InterNIC.
>Perhaps something like PGP could be used to verify that the tool
>is sent to the correct person and isn't tampered with along the way.
>How about this, CERT? InterNIC? Any volunteers?
We've been down this path several times on Firewalls, every time resulting
in a flamewar. Take this discussion somewhere else.
There was another mailing list formed specificly for discussion of issues
like this. I'm off-line at the moment, however, and can't look it up; can
somebody fill in the details?
-Brent
----------------------------------------------------------------------
For info about the Internet Security Firewalls Tutorial and a schedule
of upcoming dates, please send email to Tutorial-Info @
GreatCircle .
COM
----------------------------------------------------------------------
Brent Chapman Great Circle Associates
Brent @
GreatCircle .
COM 1057 West Dana Street
+1 415 962 0841 Mountain View, CA 94041
|
|
