mailing list archives
Re: NMRC Advisory - KeyManager Issue in ISS RealSecure on Nokia Appliances
From: Georgi Guninski <guninski () guninski com>
Date: Thu, 21 Mar 2002 14:51:39 +0200
No NMRC advisory, let alone one written by me would be complete without
some sort of rant so here it goes;
Responsible Disclosure and the IETF: I applaud Chris Wysopal and Steve
Christey for their efforts in attempting to bring a standard to
vulnerability disclosure. I may not have agreed with the entire document
but at least these two guys were willing to take input from the community
as a whole. I hope the standard finds a home and eventually evolves to
something acceptable by the research community as a whole. Trust me folks
-- we do not want government, or any vendor to do this for us. Too bad
the IETF doesn't have the balls or brains to deal with this issue.
I disagree with you.
This RFC was quite a bad idea.
I like it that according to this
the IETF is currently quiting from this project.
My thoughts on the subject are available at:
For me this draft RFC was quite driven by at least one large corporation.
Sure, if large corporations buy enough politicians they may pass laws
in some countries which outlaw even thinking about bugs in their "supreme warez".
But this won't help at all, the most it can do is drive people who disclose bugs
underground, which IMHO will be much worse for users than the current situation.
So my advice to the future of this draft RFC is "be carefull what you wish for".
Just my 2 stotinki,