Laszlo, Serge is right: everyone in the working group has had their email address exposed on the P1619 reflector. And a Google search for your email address shows that it appears in a number of other places on the internet in addition to the P1619 archive. Examples: http://www.hindawi.com/GetArticle.aspx?doi=10.1155/ES/2006/32192&e=CTA http://springerlink.metapress.com/openurl.asp?genre=article&issn=0302-9743&volume=3156&spage=45 http://eprint.iacr.org/2004/198.pdf http://www.merit.edu/mail.archives/netsec/2005-05/msg00020.html It is not a credible claim, and it is contentious to suggest that you are being targeted or that the P1619 reflector, or IEEE is largely or solely responsible for your exposure to any spam you receive. Suggestively personalizing this to Jim or to Shai as actors against you is completely unacceptable. And there is not an ounce of credibililty to state that anyone who has been connected to the internet for long has escaped until this day the superabundance of spam that is sent. Your statement that "Nobody seems to get my point" ignores the other observation that no one seems to accept your point of view. You have a right to be heard, and disparate views are encouraged, but there is a limit. No obligation exists for the majority to accept your point of view. The working group does have the right and even an obligation to close off discussion on such points, and to move on, labeling these as settled points. Continued discussion of such points can be disruptive and might establish a basis for removal from the reflector of that person causing the disruption. And making incredible charges personalized to individuals is another legitimate basis. The IASC, which I chair, and the SSSC, which Curtis chairs, jointly sponsor the P1619 project. I will open a discussion with Curtis and the members of the IASC and SSSC about the management of this project in respect of continued discussion on rejected points and personalization of incredible suggestions of personal targeting. Normally sponsors (the IASC and SSSC) do not interfere in the operations of working groups, preferring lassisez-faire approach. But as we watch this group churn over continually rejected points, and now to something very close to personal attacks, our obligations to the Computer Society and to IEEE may require suspension of that approach. Jack
-----Original Message----- From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED] Sent: Mon 5/29/2006 2:17 PM To: SISWG Cc: Subject: RE: P1619: Errors happen Serge, > Did you notice that you have published e-mail addresses of other people No, I did not (I only noticed the huge increase of spam sent to me, not the spam sent to other people). I assumed (wrongly) that addresses are blinded in quoted email headers in the reflector, because most bulletin board software does that for a long time now. Addresses outside of email headers are mostly left unchanged, and we ought to be careful. It is not the person to be blamed, but the mail archive program, what I asked to be enhanced with a mail blinding filter. > There is no need to insult members of the group. It was not my intension, but to show that errors do happen, and not only when the system was "architected by people who don't know what they are doing." I am not suggesting that the mail archive was architected by this kind of people. Knowing that I constantly make mistakes, makes it desirable for me to architect systems, which are less susceptible to human errors. > we will not be able to prevent misuse of the standard Nobody seems to get my point. Of course, you can misuse the standard. I have been worried about innocent user mistakes. If we don't do anything, which prevents grandma storing her keys on the encrypted disk with a simple applet or script; or the OS swaps the memory to disk, when she looks at her keys; she will be an innocent victim. These can be trivially thwarted, so why don't we do it? You could argue, that there are infinitely many other innocent mistakes, we cannot possibly prevent them all. I don't know about many other mistakes, which are not preventable by common sense (like posting the keys on a website). I would accept this position, if you show me a large number of uncommon sense mistakes. Laszlo > -------- Original Message -------- > Subject: RE: P1619: Errors happen > From: "Serge Plotkin" > Date: Mon, May 29, 2006 1:37 pm > > Laszlo, > > Did you notice that you have published e-mail addresses of other people > to the list yourself ? Example: you message on Wed, 24 May 2006 12:36:26 > -0400, > Also your message from 26 May 2006 19:16:05 -0700. > I bet I can find more... > > There is no need to insult members of the group. > > By the way, Shai's claim that we will not be able to prevent misuse of > the standard is a perfectly valid one. All we can do is to add warnings. > As I have mentioned many times before, it is very easy to architect a > system that will conform to a standard but will be totally not secure. > > -serge > > > > -----Original Message----- > > Sent: Monday, May 29, 2006 9:46 AM > > To: SISWG > > > > Jim, > > > > Could you please, once again, let someone edit the archived emails in > > the reflector? In the messages msg00887, msg00880, msg00876 Shai > > spelled out my full email address. Since these posts I received > > hundreds of junk email, making my email account almost unusable. > > Publishing email addresses looks like a cheap way to silence someone > in > > the reflector: the spammers do the dirty work for free. > > > > One would think, that such a stupid mistake (as Shai wrote for storing > > keys on disk) 'does not arise in "real world systems" (unless they > were > > architected by people who don't know what they are doing)'. It proves > my > > point (classified as red herring): mistakes do happen, and even > > information security professionals make errors of serious > consequences. > > > > Would it be possible to install a filter, which automatically blinds > > email addresses in messages posted to the reflector? > > > > Laszlo