Jack, > everyone in the working group has had their email address exposed on the > P1619 reflector
Do you suggest that it is right? If not, something has to be done about it. And don't kill the messenger! > It is not a credible claim, and it is contentious to suggest that you are > being targeted or that the P1619 reflector, or IEEE is largely or solely > responsible for your exposure to any spam It may be a coincidence. I already contacted my ISP for a proof that in the last several days the spam sent to my email address significantly increased. Of course, no one can be sure about its cause (post hoc ergo propter hoc). > Suggestively personalizing this to Jim I asked his help to fix a problem. What makes you think I accused him with anything? > Your statement that "Nobody seems to get my point" ignores the other > observation that no one seems to accept your point of view. I meant that all two of the P1619 members, who reacted to my note, misunderstood my point. It was clearly explained in that paragraph from where you took your quote, that the issue was not misuse, but honest mistakes. I even wrote "I would accept this [contrary] position...", so you saying that "No obligation exists for the majority to accept your point of view" is not relevant to that discussions. Until I cannot make my point understandable, how could anyone accept or reject it? Furthermore, why do you speak about the majority? There were only two members who replied. > I will open a discussion with Curtis and the members of the IASC and SSSC > about the management of this project in respect of continued discussion on > rejected points Please name a rejected point, where the discussion continued. Or even just a topic, where the majority of the members expressed a wish to stop. > personalization of incredible suggestions of personal targeting I already explained in my response to Serge, that I wanted to say that it was an error in the email archive program, and one of the members was not careful enough (it turned out that none of the members were careful enough). There was no suggestion of personal targeting. I pointed out, though, that this error in the email archive program could provide "a cheap way to silence someone in the reflector". Since, obviously, I was not silenced; this sentence could only explain the possible dangers, and it has no "suggestions of personal targeting". > we watch this group churn over continually rejected points Do you suggest, there are many such points? These are serious accusations. Please provide a list of such points. > now to something very close to personal attacks A personal attack on the email archive program? I wrote "I am not suggesting that the mail archive was architected by this kind of people [incompetent]". And saying, that someone made a mistake could be wrong, but it is not very close to a personal attack. But it is very unfortunate to have to waist our time and email bandwidth on such ridiculous issues. The only relevant answer to my email could have been that the problem was going to be fixed, or not, with giving some reasons. Laszlo > -------- Original Message -------- > Subject: P1619 Functionality > From: "Cole, John (Civ, ARL/CISD)" <[EMAIL PROTECTED]> > Date: Mon, May 29, 2006 3:20 pm > To: <[EMAIL PROTECTED]>, "SISWG" <[EMAIL PROTECTED]> > > Laszlo, > > Serge is right: everyone in the working group has had their email address > exposed on the P1619 reflector. And a Google search for your email address > shows that it appears in a number of other places on the internet in addition > to the P1619 archive. Examples: > > http://www.hindawi.com/GetArticle.aspx?doi=10.1155/ES/2006/32192&e=CTA > http://springerlink.metapress.com/openurl.asp?genre=article&issn=0302-9743&volume=3156&spage=45 > http://eprint.iacr.org/2004/198.pdf > http://www.merit.edu/mail.archives/netsec/2005-05/msg00020.html > > It is not a credible claim, and it is contentious to suggest that you are > being targeted or that the P1619 reflector, or IEEE is largely or solely > responsible for your exposure to any spam you receive. Suggestively > personalizing this to Jim or to Shai as actors against you is completely > unacceptable. And there is not an ounce of credibililty to state that anyone > who has been connected to the internet for long has escaped until this day > the superabundance of spam that is sent. > > Your statement that "Nobody seems to get my point" ignores the other > observation that no one seems to accept your point of view. You have a right > to be heard, and disparate views are encouraged, but there is a limit. No > obligation exists for the majority to accept your point of view. The working > group does have the right and even an obligation to close off discussion on > such points, and to move on, labeling these as settled points. Continued > discussion of such points can be disruptive and might establish a basis for > removal from the reflector of that person causing the disruption. And making > incredible charges personalized to individuals is another legitimate basis. > > The IASC, which I chair, and the SSSC, which Curtis chairs, jointly sponsor > the P1619 project. I will open a discussion with Curtis and the members of > the IASC and SSSC about the management of this project in respect of > continued discussion on rejected points and personalization of incredible > suggestions of personal targeting. Normally sponsors (the IASC and SSSC) do > not interfere in the operations of working groups, preferring lassisez-faire > approach. But as we watch this group churn over continually rejected points, > and now to something very close to personal attacks, our obligations to the > Computer Society and to IEEE may require suspension of that approach. > > Jack > > > > > -----Original Message----- > From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED] > Sent: Mon 5/29/2006 2:17 PM > To: SISWG > Cc: > Subject: RE: P1619: Errors happen > > > > Serge, > > > Did you notice that you have published e-mail addresses of other > people > > No, I did not (I only noticed the huge increase of spam sent to me, not > the spam sent to other people). I assumed (wrongly) that addresses are > blinded in quoted email headers in the reflector, because most bulletin > board software does that for a long time now. Addresses outside of email > headers are mostly left unchanged, and we ought to be careful. It is not > the person to be blamed, but the mail archive program, what I asked to > be enhanced with a mail blinding filter. > > > There is no need to insult members of the group. > > It was not my intension, but to show that errors do happen, and not only > when the system was "architected by people who don't know what they are > doing." I am not suggesting that the mail archive was architected by > this kind of people. Knowing that I constantly make mistakes, makes it > desirable for me to architect systems, which are less susceptible to > human errors. > > > we will not be able to prevent misuse of the standard > > Nobody seems to get my point. Of course, you can misuse the standard. I > have been worried about innocent user mistakes. If we don't do > anything, which prevents grandma storing her keys on the encrypted disk > with a simple applet or script; or the OS swaps the memory to disk, when > she looks at her keys; she will be an innocent victim. These can be > trivially thwarted, so why don't we do it? You could argue, that there > are infinitely many other innocent mistakes, we cannot possibly prevent > them all. I don't know about many other mistakes, which are not > preventable by common sense (like posting the keys on a website). I > would accept this position, if you show me a large number of uncommon > sense mistakes. > > Laszlo > > > -------- Original Message -------- > > Subject: RE: P1619: Errors happen > > From: "Serge Plotkin" > > Date: Mon, May 29, 2006 1:37 pm > > > > Laszlo, > > > > Did you notice that you have published e-mail addresses of other > people > > to the list yourself ? Example: you message on Wed, 24 May 2006 > 12:36:26 > > -0400, > > Also your message from 26 May 2006 19:16:05 -0700. > > I bet I can find more... > > > > There is no need to insult members of the group. > > > > By the way, Shai's claim that we will not be able to prevent misuse of > > the standard is a perfectly valid one. All we can do is to add > warnings. > > As I have mentioned many times before, it is very easy to architect a > > system that will conform to a standard but will be totally not secure. > > > > -serge > > > > > > > -----Original Message----- > > > Sent: Monday, May 29, 2006 9:46 AM > > > To: SISWG > > > > > > Jim, > > > > > > Could you please, once again, let someone edit the archived emails > in > > > the reflector? In the messages msg00887, msg00880, msg00876 Shai > > > spelled out my full email address. Since these posts I received > > > hundreds of junk email, making my email account almost unusable. > > > Publishing email addresses looks like a cheap way to silence someone > > in > > > the reflector: the spammers do the dirty work for free. > > > > > > One would think, that such a stupid mistake (as Shai wrote for > storing > > > keys on disk) 'does not arise in "real world systems" (unless they > > were > > > architected by people who don't know what they are doing)'. It > proves > > my > > > point (classified as red herring): mistakes do happen, and even > > > information security professionals make errors of serious > > consequences. > > > > > > Would it be possible to install a filter, which automatically blinds > > > email addresses in messages posted to the reflector? > > > > > > Laszlo
