Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Mobile code security (was Re: rr style scanning of non-customers)

  • From: Christopher L. Morrow
  • Date: Mon Jun 16 11:53:36 2003

On Mon, 16 Jun 2003, Paul Vixie wrote:

> > therefore
> >
> > 3) why would anyone ever run outlook
> i love outlook2003.  no joke, i use it every day.  whenever i get an
> attachment that seems reasonable and i need to open it, i put it in the
> folder that outlook can see, and i read it.  i also share a calendar (in
> three directions) using outlook's "iCalendar" support.  i edit my cell
> phone's directory using a shared outlook address book.  for what it's
> intended to do, outlook works really great.  it's only when you let it
> open *all* the e-mail you get, that its weaknesses prevail.

This is the central problem though, Complexity. Paul is willing to accept
having 3 email clients and jumping through hoops to read an email or sync
a calendar across 3 devices... 99% (more?) of the computing public can't
understand this :( I'm willing to jump through 3 hoops of ssh to make
connections to one network, this to me is the price of 'security'... Many
other people just don't understand why they can't jump right to the end
system and still be 'secure'. That or they are just unwilling to remember
that security is important and at times it can entail some extra work :(

> moral of story: i think the security model is terrible, and i think the
> fact that credible or similarly-dominant alternatives do not exist is
> reprehensible, but the applications themselves, like outlook, seem to
> work pretty well once you put them inside a lockbox.  (i guess hundreds
> of companies are now in the business of selling such lockboxes, too.)

So, microsoft has actually improved the computing business world as well
as ruined it? :)

> the real failure, the thing that actually burns my hash, is when my spam
> complaints or noc correspondance are robotically bounced because they
> contain dangerous mime attachments of type "message/rfc822" (spam
> examples) or "text/plain" (traceroute or tcpdump output).  if your noc
> or abusedesk has such a robot protecting it, you ought to be ashamed.

Sure, that and the fact that outlook hasn't properly handled 822 messages
'ever'... whats a standard for anyway?

Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.