Dailydave mailing list archives

Re: Speculation

From: Paul Vixie <vixie () isc org>
Date: Sat, 19 Jul 2008 14:22:47 +0000

Those of us outside the research community who have to advise management
cannot tell our executives "trust Dan."  We have to be able to weigh
costs vs benefits, implementation details, and the like.  I'm glad people
here and elsewhere have tried to figure this out, since it gives details
to guide my recommendations.


would you have preferred that the attack vector be completely published on
day 1, rather than a cert advisory with details to follow a month later at
defcon, so that your recommendations could be completely informed?  note
that in that case it would also go in the wild before you could patch.  is
that what you want the next discoverer to do for you?

note, it's not just "trust dan."  dan looped in a powerful group of dns
folks, each of whom was heard to speak the words "oh, shit!" and we have
been making the rounds, lending our names to this.

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

Current thread:

Re: Speculation, (continued)
- - Re: Speculation Paul Vixie (Jul 18)
- Re: Speculation Marc Maiffret (Jul 18)
  - Re: Speculation Paul Vixie (Jul 18)
    - Re: Speculation Thomas Ptacek (Jul 19)
    - Re: Speculation Paul Vixie (Jul 19)
    - Re: Speculation Thomas Ptacek (Jul 19)
    - Message not available
    - Re: Speculation Thomas Ptacek (Jul 19)
  - Re: Speculation dan (Jul 23)
    - Re: Speculation Alexander Sotirov (Jul 24)
- Re: Speculation Richard Bejtlich (Jul 18)
  - Re: Speculation Paul Vixie (Jul 19)
    - Re: Speculation Paul Melson (Jul 20)
    - Re: Speculation Thomas Ptacek (Jul 20)
- Re: Speculation Dave Aitel (Jul 20)
- Re: Speculation Kris Lamb (Jul 19)