Laszlo,
Serge is right: everyone in the working group has had their email address
exposed on the P1619 reflector. And a Google search for your email address
shows that it appears in a number of other places on the internet in addition
to the P1619 archive. Examples:
http://www.hindawi.com/GetArticle.aspx?doi=10.1155/ES/2006/32192&e=CTA
http://springerlink.metapress.com/openurl.asp?genre=article&issn=0302-9743&volume=3156&spage=45
http://eprint.iacr.org/2004/198.pdf
http://www.merit.edu/mail.archives/netsec/2005-05/msg00020.html
It is not a credible claim, and it is contentious to suggest that you are being
targeted or that the P1619 reflector, or IEEE is largely or solely responsible
for your exposure to any spam you receive. Suggestively personalizing this to
Jim or to Shai as actors against you is completely unacceptable. And there is
not an ounce of credibility to state that anyone who has been connected to the
internet for long has escaped until this day the superabundance of spam that is
sent.
Your statement that "Nobody seems to get my point" ignores the other
observation that no one seems to accept your point of view. You have a right
to be heard, and disparate views are encouraged, but there is a limit. No
obligation exists for the majority to accept your point of view. The working
group does have the right and even an obligation to close off discussion on
such points, and to move on, labeling these as settled points. Continued
discussion of such points can be disruptive and might establish a basis for
removal from the reflector of that person causing the disruption. And making
incredible charges personalized to individuals is another legitimate basis.
The IASC, which I chair, and the SSSC, which Curtis chairs, jointly sponsor the
P1619 project. I will open a discussion with Curtis and the members of the IASC
and SSSC about the management of this project in respect of continued
discussion on rejected points and personalization of incredible suggestions of
personal targeting. Normally sponsors (the IASC and SSSC) do not interfere in
the operations of working groups, preferring a laissez-faire approach. But as we
watch this group churn over continually rejected points, and now to something
very close to personal attacks, our obligations to the Computer Society and to
IEEE may require suspension of that approach.
Jack
-----Original Message-----
From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED]
Sent: Mon 5/29/2006 2:17 PM
To: SISWG
Cc:
Subject: RE: P1619: Errors happen
Serge,
> Did you notice that you have published e-mail addresses of other people
No, I did not (I only noticed the huge increase of spam sent to me, not
the spam sent to other people). I assumed (wrongly) that addresses are
blinded in quoted email headers in the reflector, because most bulletin
board software does that for a long time now. Addresses outside of email
headers are mostly left unchanged, and we ought to be careful. It is not
the person to be blamed, but the mail archive program, what I asked to
be enhanced with a mail blinding filter.
> There is no need to insult members of the group.
It was not my intention, but to show that errors do happen, and not only
when the system was "architected by people who don't know what they are
doing." I am not suggesting that the mail archive was architected by
this kind of people. Knowing that I constantly make mistakes, makes it
desirable for me to architect systems, which are less susceptible to
human errors.
> we will not be able to prevent misuse of the standard
Nobody seems to get my point. Of course, you can misuse the standard. I
have been worried about innocent user mistakes. If we don't do
anything, which prevents grandma storing her keys on the encrypted disk
with a simple applet or script; or the OS swaps the memory to disk, when
she looks at her keys; she will be an innocent victim. These can be
trivially thwarted, so why don't we do it? You could argue, that there
are infinitely many other innocent mistakes, we cannot possibly prevent
them all. I don't know about many other mistakes, which are not
preventable by common sense (like posting the keys on a website). I
would accept this position, if you show me a large number of uncommon
sense mistakes.
Laszlo
> -------- Original Message --------
> Subject: RE: P1619: Errors happen
> From: "Serge Plotkin"
> Date: Mon, May 29, 2006 1:37 pm
>
> Laszlo,
>
> Did you notice that you have published e-mail addresses of other people
> to the list yourself? Example: your message on Wed, 24 May 2006 12:36:26
> -0400,
> Also your message from 26 May 2006 19:16:05 -0700.
> I bet I can find more...
>
> There is no need to insult members of the group.
>
> By the way, Shai's claim that we will not be able to prevent misuse of
> the standard is a perfectly valid one. All we can do is to add warnings.
> As I have mentioned many times before, it is very easy to architect a
> system that will conform to a standard but will be totally not secure.
>
> -serge
>
>
> > -----Original Message-----
> > Sent: Monday, May 29, 2006 9:46 AM
> > To: SISWG
> >
> > Jim,
> >
> > Could you please, once again, let someone edit the archived emails in
> > the reflector? In the messages msg00887, msg00880, msg00876 Shai
> > spelled out my full email address. Since these posts I received
> > hundreds of junk email, making my email account almost unusable.
> > Publishing email addresses looks like a cheap way to silence someone in
> > the reflector: the spammers do the dirty work for free.
> >
> > One would think, that such a stupid mistake (as Shai wrote for storing
> > keys on disk) 'does not arise in "real world systems" (unless they were
> > architected by people who don't know what they are doing)'. It proves my
> > point (classified as red herring): mistakes do happen, and even
> > information security professionals make errors of serious consequences.
> >
> > Would it be possible to install a filter, which automatically blinds
> > email addresses in messages posted to the reflector?
> >
> > Laszlo