Path: utzoo!attcan!uunet!husc6!linus!heart-of-gold!jc
From: jc@heart-of-gold (John M Chambers)
Newsgroups: news.sysadmin
Subject: Re: Security list awakes
Message-ID: <165@heart-of-gold>
Date: 10 Nov 88 21:38:47 GMT
References: <2347@isis.UUCP> <31190@zardoz.UUCP>
Organization: Mitre Corp, Bedford, MA, USA
Lines: 70

In article <31190@zardoz.UUCP>, neil@zardoz.UUCP (Neil Gorsuch) writes:
> In article <2347@isis.UUCP> aburt@isis.UUCP (Andrew Burt) writes:
> > ...
> > .... Unless the membership wishes to
> >vote me out after I get it going again, I would like to remain administrator
> >of the list.
>
> In all fairness, since I volunteered to start the list up again
> before Andrew Burt offered to do the same, I believe that the list should
> reside on zardoz and that I should be the new administrator.

Oh goody, a fight! It's mine! No, it's mine!

A modest proposal: There seems to be sufficient interest in a security mailing list that people are talking about multiple sites that act as distribution centers, and it looks like we might end up with a rather deep hierarchy with lots of weak links. Instead, why don't we just create a security newsgroup, to be distributed only among these few distribution centers? This will decrease administrative headaches for everyone. It'll also make everyone feel like they're in charge.

OK, I know, everyone's going to holler "Usenet isn't secure!" But is it really all that insecure? Note that I'm not suggesting creating a network-wide comp.security newsgroup. I'd suggest calling it just "security" with no dots. Then it is very easy to control its spread, easier than with a mailing list. The distribution sites just go into their ~news/lib/sys file and add ",security" to the selected neighbors, and ",!security" to the rest.

If a site administrator needs to keep the newsgroup a secret to only a small group of people, they can use the technique of putting the ~news/spool/security directory into a "security" group, and giving it 750 permissions. I contend that this is isomorphic to a bunch of re-mailing lists, no more (and no less) insecure, and easier to manage.

Of course, we might find we also need security.unix, security.vms, security.tcp-ip, security.ms-dos, and so on. But that's for later.

Can anyone give me a good explanation as to why this would be worse than a complicated tree of mailing lists? It would certainly be easier to manage. Also, I'd like to see some real-world experience with the security problems in a distributed bulletin board. I mean, we're all worrying about security in a network environment, right? What better test vehicle could we use than the usenet package, which is already quite widely used and (semi-)understood?

It may not surprise anyone that I have a hidden agenda in making this suggestion. There are a bunch of projects about (both military and commercial) that involve the creation of distributed messaging and conferencing software. I've been tossing out the suggestion that a multi-million-dollar development project would likely come up with something weaker (in both capabilities and security) than the existing usenet package, which has been widely tested for a decade now. I've suggested analyzing usenet for security problems, and modifying it to correct the problems, rather than "re-inventing the wheel".

The usual response is to just ridicule the suggestion because usenet is used by academia so it's obviously totally insecure. But nobody has yet given me a convincing argument (insults aren't arguments; they are just insults) that I'm wrong. I'd like to find out if it'd work. And if not, why not, so that future developers can avoid making the same mistakes. Here's a big chance for all you usenet partisans out there to show what your package can do.

Anyone wanna go for it? Or can someone give me a good explanation as to why I'm wrong?

--
From: John Chambers
From ...!linus!!heart-of-gold!jc (John Chambers)
Phone 617/217-7780
[Send flames; they keep it cool in this lab :-]
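
An added example, not part of the original post: a small audit of the ",security" / ",!security" scheme the post proposes, run over a constructed feed table, plus a check for the 750 spool directory mode. The site names, paths, the simplified `site:subscriptions:flags:command` line format and the rule that a matching "!" entry always overrides are assumptions for illustration.

```python
import stat

# Constructed sample in a simplified sys-file style: site:subscriptions:flags:command
SAMPLE_SYS = """\
# constructed example feed table, not from a real site
hub1:comp,news,security:F:/usr/spool/batch/hub1
hub2:all,!security:F:/usr/spool/batch/hub2
leaf1:all:F:/usr/spool/batch/leaf1
leaf2:comp,news:F:/usr/spool/batch/leaf2
"""

def matches(pattern, group):
    """True if pattern is 'all', the group itself, or a parent hierarchy of it."""
    return pattern == "all" or group == pattern or group.startswith(pattern + ".")

def feeds_group(subscriptions, group):
    """Simplified model (assumption): any matching '!pattern' overrides positives."""
    pats = [p.strip() for p in subscriptions.split(",") if p.strip()]
    if any(p.startswith("!") and matches(p[1:], group) for p in pats):
        return False
    return any(not p.startswith("!") and matches(p, group) for p in pats)

def audit(sys_text, group, allowed):
    """Classify each neighbor as 'leak', 'missing', 'implicit' or 'ok'."""
    report = {}
    for line in sys_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        site, subs = line.split(":")[:2]
        pats = [p.strip() for p in subs.split(",")]
        fed = feeds_group(subs, group)
        if fed and site not in allowed:
            report[site] = "leak"       # e.g. a bare "all" also catches the new group
        elif not fed and site in allowed:
            report[site] = "missing"
        elif not fed and "!" + group not in pats:
            report[site] = "implicit"   # excluded only by omission, no ",!security"
        else:
            report[site] = "ok"
    return report

def spool_mode_ok(mode):
    """True if the permission bits are exactly 750 (owner rwx, group r-x, others none)."""
    return stat.S_IMODE(mode) == 0o750

if __name__ == "__main__":
    for site, verdict in audit(SAMPLE_SYS, "security", {"hub1"}).items():
        print(site, verdict)
```

The "leak" case is the one to watch: a neighbor subscribed to "all" picks up a dotless "security" group unless ",!security" is added, which is why the post asks for an explicit entry on every remaining neighbor.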