funsec mailing list archives
Re: Presidential Internet Kill Switch
From: chris () blask org
Date: Wed, 23 Sep 2009 11:09:01 -0700 (PDT)
--- On Wed, 9/23/09, Dan Kaminsky <dan () doxpara com> wrote:
Be that as it may, the data rather clearly suggests certification in the security realm is (very) badly correlated with qualification.
Well, be *that* as it may (and I agree, it certainly may be), we live in a world where plumbers and lawyers (I'll leave the correlation to the reader) require certifications, so the general concept of certifying is something that is well-worn in most of the world.
Bottom line: What if the only people allowed to do security work were CISSPs?
The mistake you may be making is assuming that the only possible future is a linear transposition of aspects of the present. I'm not arguing that there is not a real risk of lame certifications being the standard in some future regime, but I would suggest that there is no certainty that this has to be the case.
(Yes, this applies to government systems and critical infrastructure, for now. But you know, that latter part isn't well defined either. Is Linux critical infrastructure?)
Ah! It truly *isn't* defined well, which is another pertinent point. It very much should be better defined, and the more you peel that grape the harder it is to not include things like critical economic and communication infrastructure. If there is an argument for special treatment of the networks that deliver, say, energy across the nation, it is possible that the same argument could apply to networks that deliver information and economic stability as well. At the very least, this is a discussion that needs to be had with an eye to the needs of the nation (and not just us) and in the context of what is pragmatically necessary as opposed to ideally desired. -chris _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Presidential Internet Kill Switch, (continued)
- Re: Presidential Internet Kill Switch Paul Ferguson (Sep 22)
- Re: Presidential Internet Kill Switch Dan Kaminsky (Sep 22)
- Re: Presidential Internet Kill Switch chris (Sep 23)
- Re: Presidential Internet Kill Switch Dan Kaminsky (Sep 23)
- Re: Presidential Internet Kill Switch phester (Sep 23)
- Re: Presidential Internet Kill Switch Michael Collins (Sep 23)
- Certs [was Re: Presidential Internet Kill Switch] der Mouse (Sep 27)
- Re: Certs [was Re: Presidential Internet Kill Switch] Jon Kibler (Sep 28)
- Re: Presidential Internet Kill Switch Jon Kibler (Sep 23)
- Re: Presidential Internet Kill Switch Valdis . Kletnieks (Sep 23)
- Re: Presidential Internet Kill Switch chris (Sep 23)
- Re: Presidential Internet Kill Switch Jon Kibler (Sep 23)
- Re: Presidential Internet Kill Switch Buhrmaster, Gary (Sep 23)
- Re: Presidential Internet Kill Switch Larry Seltzer (Sep 23)
- Re: Presidential Internet Kill Switch Valdis . Kletnieks (Sep 23)
- Re: Presidential Internet Kill Switch Rob, grandpa of Ryan, Trevor, Devon & Hannah (Sep 23)