Re: [ga] Security for status quo, not individuals

[Jeff Williams <jwkckid1@ix.netcom.com>]

Eric and all assembly members,

Eric Dierker wrote:

> Upon reviewing the agenda and schedules for the MDR meet I find them
> neither secure nor really having to do with security.
>
> They seem to be vendor, political and personal agenda based.
>
> Why would "for security reasons" there end up being two classes of
> meetings  - apparently some secure and some not?

  These two classes are reasonable but incomplete to address the
actual concerns and existing known security with the DNS and
IP addressing systems which are the two most exposed areas
presently.

>
>
> How can security issues be handled in an open and transparent bottoms up
> manner?

  There are a number of ways.  They have been discussed on this forum
and are also available in several IETF WG forums as well.  I participate
on three of those IETF forums presently (DNSSEC, IPSEC, and TLS).
There are also a number of industry based forums such as the Sans
Institute that also provide a number of classes for certification, one
of which is taking place about the same time frame as the MdR
meeting.  Perhaps Eric, you and possibly others here should
consider taking a look into these amongst a number of other
forums engaged in Internet Security issues.

>
>
> The important thing to remember when reviewing these matters is to keep
> in mind we have "social security" and we have "elitist security".  It
> looks to me like the security set up in MDR is to protect our board but
> to hell with participants.  I don't think that is what the man who stood
> all alone in Yankee stadium to throw out the first ball has in mind.

  The president can always bu updated in this area through Mr. Clark
should you so choose.  Perhaps he should be if you believe that there
is a systemic problem here.

>
>
> I have yet to hear from or see a proclaimed security expert post
> anything anywhere on ICANNs' sites.

  ICANN's sites?  Please explain exactly what you mean by that?

>  Having worked in Security I find
> this irresponsible and dangerous.

  THe ICANN BoD and staff have shown clearly that they are a day
late and several dollars short when it comes to Internet security
concerns that have been known for some time.  Only sense 9/11
has such been of extreme interest to them.  Better late than
never I suppose.

>
>
> Either this meeting is about security which requires security or it is
> not.  And if anyone suggests secrecy equals security  they are stupid.

  Secrecy does sometimes mean security.  Internet security is no
exception sometimes as well.  But this is a judgment call based
on known security protocols as well as methods of implementation.
What is concerning is that the ICANN BoD and staff have almost
no expertise in Internet security areas and will be relying heavily
on the IETF to provide that expertise.

>
>
> Sincerely,
> Eric
> --
> This message was passed to you via the ga@dnso.org list.
> Send mail to majordomo@dnso.org to unsubscribe
> ("unsubscribe ga" in the body of the message).
> Archives at http://www.dnso.org/archives.html

Regards,

--
Jeffrey A. Williams
Spokesman for INEGroup - (Over 118k members strong!)
CEO/DIR. Internet Network Eng/SR. Java/CORBA Development Eng.
Information Network Eng. Group. INEG. INC.
E-Mail jwkckid1@ix.netcom.com
Contact Number:  972-447-1800 x1894 or 214-244-4827
Address: 5 East Kirkwood Blvd. Grapevine Texas 75208


--
This message was passed to you via the ga-full@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga-full" in the body of the message).
Archives at http://www.dnso.org/archives.html