Re: [irsg] Meetecho for interims?

Carsten Bormann <cabo@tzi.org> Sat, 01 August 2020 16:10 UTC

Cc: Jim Fenton <fenton@bluepopcorn.net>, WG Chairs <wgchairs@ietf.org>
To: Leif Johansson <leifj@sunet.se>
Archived-At: <https://mailarchive.ietf.org/arch/msg/wgchairs/WlXirzRmt_cylwzsaoJd13rpdlo>

OK, this is getting a bit off-topic…  Apologies.

>>>>> 
>>>>> At least, with Webex, I can be reasonably sure about the absence of criminal intent of the operator.
>>>> 
>>>> That is a very serious allegation that you are making without evidence.
>>>> 
>>>> -Jim
>>>> 
>>> 
>>> I was just thinking the same thing.
>> 
>> Actually, it is a statement of fact: I feel way more secure with software from Cisco than with software from Zoom Video Communications (ZVC), because I have good reason not to be certain about ZVC’s corporate intent.  I didn’t know there would be an expectation that I would embellish this simple fact with formal indictment papers.
> 
> That's not what you wrote and I think you know the difference (hence the rest of the email)!

Right, I wrote that *with Webex* I can be reasonably sure of the absence of criminal intent of the operator.

> Incompetent sure, but how does this show criminal intent?

I’m not a lawyer, so I cannot answer that question.

But declaring that intentionally installing malware on my computer (that makes it vulnerable to first and third party attacks) is exactly what this company does, is *something*.
I can report that it (and the time I now had to waste cleaning up my computer) destroyed any trust I might have had in this company to heed basic corporate responsibility — this incident was no longer grossly negligent, this was intentional.  Hence my statement of uncertainty about what they will do in the future.

> Srsly if I had a € for every ass-backwards handling of a vulnerability I’ve come across ... but to each her own, thx for the details!

I continue to see a difference between badly handling a wide open backdoor and a statement that installing such backdoors is just the way the company intends to do business.

We have grown such a deep distrust of software vendors that we may think the behavior we have seen here may be just the way it is.  Not so.  And we have to stop simply ignoring such behavior, or worse, becoming apologetic of it.

Grüße, Carsten