再保险(板):网络犯罪公约声明反对意见

虽然我不完全同意马库斯,我确实同意一些他了,觉得他的担忧应该是长大。有部分的语句,我可能想要修改。我不知道我们可以达成共识,但我们应该考虑他的输入创建草案时。> - - - - - - - - - - - >从原始信息:史蒂芬·m·Christey [mailto: coley@LINUS.MITRE.ORG]>发送:星期三,2000年6月,58点>:cve-editorial-board-list@lists.mitre.org >主题:对网络犯罪公约声明(董事会)反对意见> > >:> > Marcus Ranum编辑部非功能性需求的代表,与网络犯罪公约>表达了反对意见。>我在这里发帖马库斯的担忧的记录。这>不影响当前活动对获得支持>声明,我们已经决定,这不是一个>“官方”编辑委员会的活动。> >自他的一些问题涉及全>披露的有争议的问题,我鼓励任何潜在的反应这封邮件>小心,避免被“脱轨”这个问题。可能有比编辑部>论坛邮件列表>讨论这些。> >语句的问题是使用以下文本:> > #系统管理员,研究人员,顾问和公司所有> #定期开发、使用和共享软件设计> > #和疑似漏洞锻炼。学术机构使用这些> #工具来教育学生,在研发改良> #防御。我们结合经验表明,它是不可能可靠地> #区分软件用于计算机犯罪和> #用于合法目的。事实上,他们常常> #相同。> >和下面是马库斯的响应,提取各种邮件>讨论和批准他:> > >声明,起草,相反我认为是> >不可避免的和正确的立法事件的进展> >黑客/渗透测试工具。 > > > >While it is difficult to reliably distinguish between attack > tools and > >security tools, I believe there are standards of reasonableness that > >can, and _must_ be applied. Too many attack tools are being > developed > >and deployed, under the guise of "helping" and "education" - > I believe > >that in the long run it is not helpful and is in fact detrimental. > >For example, nmap, by its very design, is intended to defeat certain > >forms of security. Therefore it is not a purely legitimate > tool. Some > >may argue that it may still be useful to white hats. That may be true > >- but there are plenty of cases where legitimate tools that may be > >abused are restricted and regulated. I don't have a problem with that > >in this case. > > > Others have expressed concerns that if it appears that the Board as a > whole supports this treaty statement, that it may conflict with the > organizational opinions of some parent organizations of Board members. > Marcus effectively agrees with this: > > >I am opposed to participating (and, by extension, NFR > >participating...) in any action that indicates support for further > >dissemenation, usage, teaching about, or otherwise condoning the use > >of hacking tools and techniques. > > > - Steve >