Re: Status of draft-christey-wysopal-vuln-disclosure-00.txt
Florian Weimer <fw@deneb.enyo.de> Thu, 26 December 2002 19:43 UTC
To: Valdis.Kletnieks@vt.edu
Cc: jasonc@science.org, cwysopal@atstake.com, coley@mitre.org, dee3@torque.pothole.com, ietf@ietf.org, kre@munnari.OZ.AU, info@knowngoods.org, Bruce Schneier <schneier@counterpane.com>, cert@cert.org, Clinton Kreitner <kreitner@home.com>, Alan Paller <AlanPaller@aol.com>, Hal Pomeranz <hal@deer-run.com>
Subject: Re: Status of draft-christey-wysopal-vuln-disclosure-00.txt
References: <ILEPILDHBOLAHHEIMALBIEDAEHAA.jasonc@science.org> <200212261833.gBQIXCb1003620@turing-police.cc.vt.edu>
From: Florian Weimer <fw@deneb.enyo.de>
Date: Thu, 26 Dec 2002 20:35:34 +0100
In-Reply-To: <200212261833.gBQIXCb1003620@turing-police.cc.vt.edu> (Valdis.Kletnieks@vt.edu's message of "Thu, 26 Dec 2002 13:33:12 -0500")
Message-ID: <87y96cd14p.fsf@deneb.enyo.de>

Valdis.Kletnieks@vt.edu writes:

> The general consensus as I read it was that the christey-wysopal draft was
> generally considered a very good and reasonable document.

There was quite a bit of rejection, and some very profound criticism (the killer argument, IMHO, is that a large part of the industry does not accept _any_ disclosure at all).

However, this is now a strawman. The document has clearly been overtaken by events (if it has ever been up-to-date). For example, it ignores that currently, those people who are expected to play the role of Coordinators usually provide paid prepublication access to vulnerability information. The draft does not require Coordinators to keep the information they receive strictly confidential, but I'm not sure if this was the intent of the authors or just an oversight.

(I'm sorry for the long Cc: list; I'm not sure if it is appropriate. Please complain if you don't want to receive further messages.)