[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Many Topics are Appropriate for Discussion Here



On Fri, 3 Nov 1995, Perry E. Metzger wrote:

>Timothy C. May writes:
>> Implying that the reason Bellovin and Karn left the list--if they did, as I
>> haven't checked--was because of "off-topic" posts seems to be a stretch.
> 
>They both left because the noise level was too high and the
>cryptography content too low. I'll ask Steve to comment if you insist.

I'd be interested as to whether or not they are tuned in here, either
directly or indirectly through some type of list reflector/filter.  Some
people might just read this list and not post.  They may not have anything
to say or contribute, or maybe they just don't want to add to list noise,
but hopefully they do keep up with the mailing list discussion as a first
priority. 

Just because someone doesn't post, doesn't mean that they've left, or not
listening.  It just means that we aren't hearing from them. 

Steve Bellovin, (if this is the AT&T, Steve Bellovin) has corresponded
with me.  He wrote me about the security flaw in Netscape I detailed to
this list, so I can assume from that, that he IS aware of it and is still
aware of the list (if it is the AT&T Steve Bellovin, I mean).  If not, my
mistake. 

I suppose I could ask him whether he is reading this list, or not.

Is Steve AT&T's Security Officer or something?  He never really introduced
himself when he emailed me, and he never presented me with any credentials
or letters of introduction.  But if he is so well known (news to me), and
has a well known reputation -- probably a reputation on a par with noted
international electro-virologist, "Dr. Frederick B. Cohen" -- then he's
probably a very busy fellow. 

I wonder who he is at AT&T?

>> Lots of other people have joined the list, and the subscription base has
>> done from an earlier plateau of about 700 subscribers to more than 1200
>> recently.
> 
>I don't care about quantity. Steve Bellovin is worth 500 subscribers
>-- maybe 1000. I'd rather hear his or Phil's off the cuff remarks on a
>lot of this stuff than most of what passes for careful thought from
>the average person here.

Yes.  He is worthwhile from what I have seen.

He has said that he will probably be consulted at AT&T if there is ever
any type of Internet issue.  I'm not sure if that makes him one of AT&T's
Internet consultants or whether he is one of the responsible persons at
AT&T.  But I'd rather let Steve speak for himself on that. 

I don't know if Steve has the explicit authority to have the Chairman take
his call as an example and I doubt that -- on his pen -- a full Board
Meeting could be convened to bring all opinions forward to the table, so
that those who are CHARGED with decision making CAN make decisions. 

I think he probably has to go through channels. 

(Direct access to senior management is generally part and parcel of any 
functioning security policy.  It has to be.  And I assume that AT&T does 
have one.)

I'm slowly working through my mail queue, and will probably reply soon to
Steve's email.  It's flagged.  And I can probably ask at that time whether
he DOES read this list, and settle the issue. 

I really don't want to bother him though with trivial questions and
comments when he's probably busy forming an inter-departmental Working
Group to *carefully* deal with the Netscape issue -- a large committee to
focus on the problem that blindsided AT&T, a committee to focus on
deployment strategies.  I assume that that's why Steve's not posting to
this list and providing free entertaining content to Internet subscribers. 

He's probably too DAMNED busy.  (And not getting paid NEARLY enough ;)

I hope that AT&T's Netscape Security Audit Working Group's first order of
business is to elect one person to deal with external email, rather than
having each individual employee from AT&T send, _yours truly_ a "Me Too"
... "I'm responsible"  ... "this is MY turf" reply.  But that's not a list
discussion so I'll take it off-line where it belongs, and keep Perry
as happy as I can.)

That discussion ... the "everyone at AT&T is responsible" one, belongs
with the Netscape one ... the one where "no one at Netscape is
responsible", the one where "nobody from Netscape ever replies" to your
email. 



Alice de 'nonymous ...

                                  ...just another one of those...


P.S.  This post is in the public domain.
                  C.  S.  U.  M.  O.  C.  L.  U.  N.  E.