On Fri, 6 Sep 2002 sgorman1@gmu.edu wrote:
Actually I do not know how to play chess maybe *Risk*, but your point is well taken. The intent is not provide a public recipe for taking down the Internet, that would be the opposite goal of the research to begin with. Regardless it is difficult line to tread and it is best to err on the side of caution.
Bell Labs published papers on security problems in the IP protocol and the Clipper chip. On the other hand Bell Labs had a policy of not publishing papers about security issues in protocols such as SS7. Did not publishing the information keep the telephone network more secure, or did publishing make the Internet less secure? Did it make a difference? I don't know. People building new networks should be aware of the risks so they can address them. We don't keep fire or building codes a secret, because we want people to build safe buildings. How do people learn how to build secure networks if the information is secret?