Update to BCP-38?

• Previous message (by thread): Update to BCP-38?
• Next message (by thread): Update to BCP-38?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Oct 3, 2019 at 2:28 PM Keith Medcalf <kmedcalf at dessus.com> wrote

> On Thursday, 3 October, 2019 11:50, Fred Baker <fredbaker.ietf at gmail.com>
> wrote:
> > A security geek would be all over me - "too many clues!".
>
> Anyone who says something like that is not a "security geek".  They are a
> "security poser", interested primarily in "security by obscurity" and
> "security theatre", and have no clue what they are talking about.


Keith,

It's called "operations security" or "OPSEC." The idea is that from lots of
pieces of insignificant information, an adversary can derive or infer more
important information you'd like to deny to him. There's a 5-step process
used by the U.S. Military but the TL;DR version is: if you don't have to
reveal something, don't.

IMO, anyone who thinks the folks who developed OPSEC don't have a clue is
the one I find wanting.

Regards,
Bill Herrin


-- 
William Herrin
bill at herrin.us
https://bill.herrin.us/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20191004/e4248006/attachment.html>

• Previous message (by thread): Update to BCP-38?
• Next message (by thread): Update to BCP-38?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]