On Fri, 3 Nov 1995, Perry E. Metzger wrote:

Timothy C. May writes:

...

Implying that the reason Bellovin and Karn left the list--if they did, as I haven't checked--was because of "off-topic" posts seems to be a stretch.

They both left because the noise level was too high and the cryptography content too low. I'll ask Steve to comment if you insist.

I'd be interested as to whether or not they are tuned in here, either directly or indirectly through some type of list reflector/filter. Some people might just read this list and not post. They may not have anything to say or contribute, or maybe they just don't want to add to list noise, but hopefully they do keep up with the mailing list discussion as a first priority. Just because someone doesn't post, doesn't mean that they've left, or not listening. It just means that we aren't hearing from them. Steve Bellovin, (if this is the AT&T, Steve Bellovin) has corresponded with me. He wrote me about the security flaw in Netscape I detailed to this list, so I can assume from that, that he IS aware of it and is still aware of the list (if it is the AT&T Steve Bellovin, I mean). If not, my mistake. I suppose I could ask him whether he is reading this list, or not. Is Steve AT&T's Security Officer or something? He never really introduced himself when he emailed me, and he never presented me with any credentials or letters of introduction. But if he is so well known (news to me), and has a well known reputation -- probably a reputation on a par with noted international electro-virologist, "Dr. Frederick B. Cohen" -- then he's probably a very busy fellow. I wonder who he is at AT&T?

...

Lots of other people have joined the list, and the subscription base has done from an earlier plateau of about 700 subscribers to more than 1200 recently.

I don't care about quantity. Steve Bellovin is worth 500 subscribers -- maybe 1000. I'd rather hear his or Phil's off the cuff remarks on a lot of this stuff than most of what passes for careful thought from the average person here.

Yes. He is worthwhile from what I have seen. He has said that he will probably be consulted at AT&T if there is ever any type of Internet issue. I'm not sure if that makes him one of AT&T's Internet consultants or whether he is one of the responsible persons at AT&T. But I'd rather let Steve speak for himself on that. I don't know if Steve has the explicit authority to have the Chairman take his call as an example and I doubt that -- on his pen -- a full Board Meeting could be convened to bring all opinions forward to the table, so that those who are CHARGED with decision making CAN make decisions. I think he probably has to go through channels. (Direct access to senior management is generally part and parcel of any functioning security policy. It has to be. And I assume that AT&T does have one.) I'm slowly working through my mail queue, and will probably reply soon to Steve's email. It's flagged. And I can probably ask at that time whether he DOES read this list, and settle the issue. I really don't want to bother him though with trivial questions and comments when he's probably busy forming an inter-departmental Working Group to *carefully* deal with the Netscape issue -- a large committee to focus on the problem that blindsided AT&T, a committee to focus on deployment strategies. I assume that that's why Steve's not posting to this list and providing free entertaining content to Internet subscribers. He's probably too DAMNED busy. (And not getting paid NEARLY enough ;) I hope that AT&T's Netscape Security Audit Working Group's first order of business is to elect one person to deal with external email, rather than having each individual employee from AT&T send, _yours truly_ a "Me Too" ... "I'm responsible" ... "this is MY turf" reply. But that's not a list discussion so I'll take it off-line where it belongs, and keep Perry as happy as I can.) That discussion ... the "everyone at AT&T is responsible" one, belongs with the Netscape one ... the one where "no one at Netscape is responsible", the one where "nobody from Netscape ever replies" to your email. Alice de 'nonymous ... ...just another one of those... P.S. This post is in the public domain. C. S. U. M. O. C. L. U. N. E.