[nsp-sec] Circle of trust [was: Vetting: Wang Hua]

Jason Gardiner gardiner at direcpath.com
Thu Jan 28 14:34:17 EST 2010 

On 1/28/2010 1:03 PM, Patrick W. Gilmore wrote:
> ----------- nsp-security Confidential --------
> 
> On Jan 28, 2010, at 12:37 PM, Yiming Gong wrote:
> 
>>> My understanding is that we already have a CT person here, and at least one CNCERT person.
>>>
>>>  
>> Yes, we got another CT person here but I never saw her talking. I know she is not from CT headquarter and probably she cannot talk much. CNCERT has nothing to do with CT.
>>> But more importantly, vouches should be for the person, not for the company.  Especially when we the company in question is partially owned / controlled by a gov't which, if not directly at least indirectly, is in direct opposition to this list's primary goal.
>>>
>>>  
>> Understand, but in this case, there is no perfect candidate at this point (I don't think CT has one), my though is that the right guy won't magically show up and isolating CT is not the right direction to go. As the vice director of CT NOC, Wanghua can be a good person whom the security community can talk to and hopefully baby-steps can be taken.
>>> If you vouch for _WANG_, fine with me (and hopefully the rest of the list).  If you are vouching for "a CT engineer", I would argue that is an invalid vouch.
> 
> I will take that as "I cannot vouch for the person Wang Hua, but would like another CT person here and Wang's position sounds right".
> 
> As such, I strenuously suggest to the admins that this vouch not be considered valid.  I am not interested in baby-steps that risk the security of this list.
> 
> If the admins disagree with me, especially if this type of thing has happened in the past and I just did not know it, I would appreciate it if the admins would let me know.
> 
> The circle of trust is a serious thing.  If it is violated, and I consider this a violation, it will ensure that I post nothing to NSP-SEC that I would not post to NANOG.  I'm sure many here already consider NSP-SEC no more secure than NANOG, but I was not quite to that point yet.  Perhaps I should be if this is how far the circle of trust has degraded.
> 


I agree with Patrick and the others.

I am also concerned about the statement "we got another CT person here
but I never saw her talking. I know she is not from CT headquarter and
probably she cannot talk much."

It sounds like that person should not be on the list either.

-- 
Jason Gardiner
Director Network Engineering
DirecPath, LLC

o. 404.961.7024
c. 404.557.4007

More information about the nsp-security mailing list