再保险(板):网络犯罪公约声明反对意见

*叹息*这回到枪类比…或画出另一个,很多人在历史上曾试图限制访问各种信息(如书燃烧等),因为它可能施加的“颠覆性”的影响。这一切归结为什么(在我看来)是认为这个消息的范围。我觉得我们的目标是我们的问题,告知立法者,让他们意识到这一事实被分析的分布式拒绝服务代理我的电脑是不一样的一个代理被别人写和分布式。代码可能是相同的。目的不是。我想要发送的消息,在这种精神我继续支持消息目前起草。吉姆- - - - - - - - - - - -从原始信息:Steven m . Christey: cve-editorial-board-list@lists.mitre.org发送:主题:6/7/00 58点(董事会)对网络犯罪公约声明反对意见:马库斯Ranum,编辑部的非功能性需求的代表,与网络犯罪公约声明表达了反对意见。我在这里发帖马库斯的担忧的记录。这并不影响对当前活动获得支持的声明中,我们已经决定,这不是一个“官方”编辑委员会的活动。 Since some of his concern touches on the controversial issue of full disclosure, I encourage any potential responders to this email to take care to avoid being "sidetracked" by that issue. There may be better forums than the Editorial Board mailing list for those sorts of discussions. The concern is with the following text of the statement: # System administrators, researchers, consultants and companies all # routinely develop, use, and share software designed to exercise known # and suspected vulnerabilities. Academic institutions use these # tools to educate students and in research to develop improved # defenses. Our combined experience suggests that it is impossible # to reliably distinguish software used in computer crime from that # used for these legitimate purposes. In fact, they are often # identical. And following is Marcus' response, extracted from various email discussions and approved by him: >The statement, as it is drafted, goes contrary to what I believe is >the inevitable and right progression of legislative events concerning >hacking/penetration test tools. > >While it is difficult to reliably distinguish between attack tools and >security tools, I believe there are standards of reasonableness that >can, and _must_ be applied. Too many attack tools are being developed >and deployed, under the guise of "helping" and "education" - I believe >that in the long run it is not helpful and is in fact detrimental. >For example, nmap, by its very design, is intended to defeat certain >forms of security. Therefore it is not a purely legitimate tool. Some >may argue that it may still be useful to white hats. That may be true >- but there are plenty of cases where legitimate tools that may be >abused are restricted and regulated. I don't have a problem with that >in this case. Others have expressed concerns that if it appears that the Board as a whole supports this treaty statement, that it may conflict with the organizational opinions of some parent organizations of Board members. Marcus effectively agrees with this: >I am opposed to participating (and, by extension, NFR >participating...) in any action that indicates support for further >dissemenation, usage, teaching about, or otherwise condoning the use >of hacking tools and techniques. - Steve