More comments about UNIX Security.

[alt%aids-unix at sri-unix.UUCP]

From:  Howard Alt <alt at aids-unix>

Some other comments that I forgot to make or that have been brought to
my attention. 

1)  Usenet land will have to live without this mailing list.  There
can be no forwarding of this list to Usenet for the obvious
reasons...(public spool directories, etc).  

2) The usefulness of this list will be directly related to the
care that each site takes in choosing the distribution.  It is in the
intrest of each site to take care that this stuff dosn't get out into
public hands.

3)  4.1 has been around for a while, but when 4.2 comes along, I
expect a whole pile of new and exciting ways to bring the machine to a
halt will be discovered...  I think this list will make its usefulness
obvious when 4.2 comes out.  

4)  We need some way to verify the addresses at each site.  I suppose
this could be done through the "postmaster" (or "root") at each site
since (presumably) it is handled by a responsible person.

5)  Another way to do the distribution is the following:  Have the
postmaster or root send in a list of people at each site that should be
on the list.  Then, distribute the list, have people look over it, and
comment on people they know to be "Badguys".  Perhaps take a second
look at people who refrence each other, or somthing like that.
Hopefully, we can come up with a method.  Perhaps through the Arpanet
Liason, since that name is listed where all can read it and say "a real
person".

6)  I assume the mail between Arpanet and CSNET is not public access...
correct?

Please don't flame me about the "Insecurity of mailers", because I know.
If someone has any better ideas or thoughts, bring them out into the
open.

	Cheers,
		Howard.