nanog mailing list archives
Re: Update to BCP-38?
From: Rich Kulawiec <rsk () gsp org>
Date: Tue, 8 Oct 2019 09:51:13 -0400
On Tue, Oct 08, 2019 at 01:35:16PM +0100, Mike Meredith via NANOG wrote:
You've ignored step 1 - identifying critical information that needs protecting. It makes sense to protect information that needs protecting and don't lose sleep over information that doesn't need protecting. Not many of us are planning an invasion of a Nazi-infected Europe any time soon.
We are heading toward a restatement of Kerckhoff's principle/Shannon's maxim, the latter of which can be paraphrased as "design systems assuming that your adversary will know as much about them as you do". Not that I'm advocating publishing all internal design documents, but systems whose security is predicated on the secrecy of those are brittle and likely to be badly compromised. Better to assume that enemies know or can find out everything and design/build accordingly. ---rsk
Current thread:
- Re: Update to BCP-38?, (continued)
- Re: Update to BCP-38? Valdis Klētnieks (Oct 04)
- Re: Update to BCP-38? Jay R. Ashworth (Oct 05)
- Re: Update to BCP-38? Fred Baker (Oct 03)
- Re: Update to BCP-38? Stephen Satchell (Oct 03)
- Re: Update to BCP-38? Fred Baker (Oct 03)
- RE: Update to BCP-38? Keith Medcalf (Oct 03)
- Re: Update to BCP-38? Valdis Klētnieks (Oct 03)
- Re: Update to BCP-38? William Herrin (Oct 04)
- RE: Update to BCP-38? Keith Medcalf (Oct 04)
- Re: Update to BCP-38? Mike Meredith via NANOG (Oct 08)
- Re: Update to BCP-38? Rich Kulawiec (Oct 08)
- RE: Update to BCP-38? Mark Collins (Oct 08)
- RE: Update to BCP-38? Keith Medcalf (Oct 08)
- Re: Update to BCP-38? Mike Meredith via NANOG (Oct 09)
- Re: Update to BCP-38? William Herrin (Oct 08)
- RE: Update to BCP-38? Keith Medcalf (Oct 08)
- Re: Update to BCP-38? Valdis Klētnieks (Oct 08)
- Re: Update to BCP-38? Mark Collins (Oct 10)
- RE: Update to BCP-38? Keith Medcalf (Oct 08)
- Re: Update to BCP-38? Rich Kulawiec (Oct 09)
- Re: Update to BCP-38? Fred Baker (Oct 03)