Re: Comments on the Draft
vcerf@NRI.Reston.VA.US Wed, 24 October 1990 23:51 UTC
Received: from nri by NRI.NRI.Reston.VA.US id ab15355; 24 Oct 90 19:51 EDT
To: Marty Schoffstall <schoff@psi.com>
cc: spwg@NRI.Reston.VA.US
Subject: Re: Comments on the Draft
In-reply-to: Your message of Tue, 23 Oct 90 18:42:40 -0400. <9010232242.AA12120@psi.com>
Date: Wed, 24 Oct 1990 19:45:39 -0400
From: vcerf@NRI.Reston.VA.US
Message-ID: <9010241951.ab15355@NRI.NRI.Reston.VA.US>
Marty, I suppose we could label this Internet Security Practice. I think it is correct that users are or ought to be accountable for their behavior - but I think this is just a general statement about personal responsibility. I do not agree with your conclusion that such a statement allows organizations to escape culpability. If we said that ONLY individual users were responsible, then your observation would make more sense to me, but we didn't say that. Maybe we should also say something about the responsibility of organizations since, later in the text, I think the notion of organizational responsibility shows up. I did not follow your comment about being in deep yogurt if you cooperated with enforcement agencies using a prt time network manager - the status of the manager as part time seems to be irrelevant? As to corporations and universities that have policy not to assist - this could use some back up - can you provide some examples? Most of the telephone companies actually have a policy of working together in security matters, including informing each other of what they find on public bulletin boards as to account numbers, passwords and the like. Vint
- Comments on the Draft Marty Schoffstall
- Re: Comments on the Draft vcerf