ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Comments on <draft-cooper-privacy-policy-01.txt>

2010-07-11 20:17:36
from [Donald Eastlake] [Permanent Link] 
The sniffed "passwords" were sometimes displayed in real time on a
monitor facing the audience from the front of the room. This activity
was never called "research" that I can recall. I think the majority
reaction was that this was a fine thing to motivate improvements in
security practice. Only one person was upset, that I remember. And
several people, seeing that this was going on, wrote little network
apps to give the appearance to sniffers that plaintext passwords were
being sent so use they could display messages on said monitor, like
"this" "is" "not" "my" "real" "password", etc.

Thanks,
Donald

On Fri, Jul 9, 2010 at 1:24 PM, Fred Baker <fred(_at_)cisco(_dot_)com> wrote:

Randy, we have had at least one "researcher" sniffing passwords in plenary 
WiFi traffic and posting them, to embarrass people into using more secure 
technology. I believe he was an Ops AD at the time :-)

Agreed that personal net hygiene is the solution there.

On Jul 9, 2010, at 5:04 AM, Randy Bush wrote:


[ fwiw, i am not bothered if some folk well-versed in such things
 develop and put forth a policy about how the ietf treats data
 about members, attendees, network, ... ]


And "yes" we have researchers looking into the traffic, people storing
all sorts of data, etc.


we do?  about our traffic on the ietf meeting network?  stuff other than
the _ephemeral_ data the noc ops use to manage the network?

as far as i know

 o data collection has been done very rarely.  and when it has been, it
   has been widely announced.

 o there is no plan known by the net ops to do so in maastricht or
   beijing at either of those meetings.

 o aside from issues in the wireless deployment, the data about net use
   at ietf meeings seems pretty boring to me from a research view

 o but i am sure there are wifi spies snooping and playing.  and i
   suspect that they will not be very respectful of any policy put in
   place.

given the latter, i focus more on prudent personal net hygene and less
on prose.

randy
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf


http://www.ipinc.net/IPv4.GIF

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Comments on <draft-cooper-privacy-policy-01.txt>, Dave CROCKER
Next by Date:  Re: Comments on <draft-cooper-privacy-policy-01.txt>, Joel Jaeggli
Previous by Thread:  Re: Comments on <draft-cooper-privacy-policy-01.txt>, Randy Bush
Next by Thread:  Re: Comments on <draft-cooper-privacy-policy-01.txt>, todd glassey
Indexes:  [Date] [Thread] [Top] [All Lists]