[Asrg] enough about backscatter
Chris Lewis
clewis at nortel.com
Sun Jan 18 17:34:53 PST 2009
J.D. Falk wrote:
> On 16/01/2009 03:50, "John Levine" <johnl at taugh.com> wrote:
>
>> Perhaps it's time to amend the ASRG charter to exclude easily
>> visualized but actually hypothetical threats. If you disagree that
>> they're hypothetical, first you have to go get real data to support
>> your claim.
> However, I wouldn't mind discussion about /how/ to get real data....
It seems to me to be part of a process. A "threat model" comes up, and
we remember that part of the discussion should be to figure out how
likely/possible/extant they really are.
Indeed, if you don't think a threat model is realistic, it's kinda hard
to prove that it isn't - proving a negative.
In the discussion at hand, I wasn't able to give concise quantitative
numbers. Because they are, to a great degree, unknowable. What I did
instead was to show, by inference/within orders of magnitude, that i
wasn't happening with _huge_ numbers of "supposedly dangerous actions"
(rejecting).
More information about the Asrg
mailing list