Update to BCP-38?

Tue Oct 8 12:35:16 UTC 2019

As an Evil Firewall Administrator™, I have an interest in this area ...

On Fri, 4 Oct 2019 15:05:29 -0700, William Herrin <bill at herrin.us> may have
written:
> On Thu, Oct 3, 2019 at 2:28 PM Keith Medcalf <kmedcalf at dessus.com> wrote
> > Anyone who says something like that is not a "security geek".  They are
> > a "security poser", interested primarily in "security by obscurity" and
> > "security theatre", and have no clue what they are talking about.

Hmm ... 'primarily in "security by obscurity"' ... that does tend to
indicate a severe case of cluelessness (and that's coming from someone who
doesn't let his right hand know what his left hand is up to without
justification that has been signed off in triplicate). To give a real world
example, removing headers from an Apache web server doesn't do much to
increase security (it's mostly to keep auditors happy) because automated
attacks will hit your exposed Apache servers anyway, and a sophisticated
attacker will note the removal and adopt the strategy of an automated
attack. 

> more important information you'd like to deny to him. There's a 5-step
> process used by the U.S. Military but the TL;DR version is: if you don't
> have to reveal something, don't.

You've ignored step 1 - identifying critical information that needs
protecting. It makes sense to protect information that needs protecting and
don't lose sleep over information that doesn't need protecting. Not many of
us are planning an invasion of a Nazi-infected Europe any time soon.
-- 
Mike Meredith, University of Portsmouth
Hostmaster, Security, and Chief Systems Engineer

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20191008/631a6a2c/attachment.sig>