Re: NSP-SEC

[John Kristoff <jtk () cymru com>]

On Fri, 19 Mar 2010 04:43:18 +0100
Guillaume FORTAINE <gfortaine () live com> wrote:

> First question : Why was I able to find this mail on the Internet if
> it should be kept secret ?

nsp-security was originally formed out of the dissatisfaction with
other so-called private collaborative channels back when it was formed
a number of years ago.  There are many more lists and groups that have
since formed along the same lines.  The existence of nsp-security is no
secret and there has been a small number of "leaks", that is, mail
primarily, that was not meant to be forwarded or copied outside the list
that had been.  Its been far from perfect from both a secretive
standpoint and policy standpoint, but compared to what existed before
it, it has proved useful from time to time.  The ISP Security BoF/Track
meetings at NANOG grew out of the nsp-security effort and those are
open to any NANOG attendee.

One thing groups like this has perhaps most helped with is building
one-to-one relationships between colleagues.  Groups like nsp-security
help you to learn who the trusted and reliable contacts are at various
organizations.  An ongoing area of work is to build better closed,
trusted communities without leaks.  Its still an ongoing problem.  Thats
why many times really sensitive work gets done in even smaller ad-hoc
groups or on a one-to-one basis.

John