On 7/14/2010 11:02 PM, Randy Bush wrote:
The assumption that simply posting a notice constitutes sufficient
"permission" to disclose data is one more example of the challenges
we face in producing reasonable policies and following them.
i think you had better have a cite for where a message was posted and
ietf network data were disclosed. or is this more wild hyperbole?
Randy,
As always, a delight to watch you in action. So, thanks for your kind
suggestion but I don't feel the need of trying to defend a statement that I did
not make. In this case, I never made the claim that data was divulged. Others
did. Please consider reading the text that is actually in front of you.[*]
Since your goal in an exchange like this is to keep things unproductive, to
distract from the original goal, I'll leave you on your own for any further
creative misinterpretations. Heck, you might even find then sitting on a petard.
d/
[*] Perhaps you meant to challenge:
On 7/11/2010 6:17 PM, Donald Eastlake wrote:
The sniffed "passwords" were sometimes displayed in real time on a
monitor facing the audience from the front of the room. This activity
was never called "research" that I can recall. I think the majority
reaction was that this was a fine thing to motivate improvements in
security practice. Only one person was upset, that I remember. And
several people, seeing that this was going on, wrote little network
apps to give the appearance to sniffers that plaintext passwords were
being sent so use they could display messages on said monitor, like
"this" "is" "not" "my" "real" "password", etc.
or:
On 7/9/2010 10:24 AM, Fred Baker wrote:
> Randy, we have had at least one "researcher" sniffing passwords in plenary
> WiFi traffic and posting them, to embarrass people into using more secure
> technology. I believe he was an Ops AD at the time:-)
While my own note was responding to:
On 7/14/2010 2:53 PM, John C Klensin wrote:
> My recollection is that the short-lived password sniffing and
> posting experiment was fairly well publicized in advance and
> that people with weak systems were warned to either upgrade or
> stay off the wireless network. That constituted a fairly clear
> "opt-out by doing something else" possibility (not very unlike
> the upcoming network access authentication issues), not a secret
> experiment.
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf