[ih] Very early days of the IANA

Noel Chiappa jnc at mercury.lcs.mit.edu
Sat Apr 9 09:32:17 PDT 2011 

    > From: Jorge Amodio <jmamodio at gmail.com>

    >> I do not recall the Denmark meeting you speak of, but I am pretty sure
    >> that that would have been later.

    > Yes it was later and the plan to establish the "shield" was already in
    > motion.

I dug around in my files and found the earlier paperwork pretty easily. I have
found a moderate-sized trove of documents, covering a series of meetings,
including 'sign-in' sheets for some.

(I know this isn't really what this thread is about, but I wanted to put this
all on record while I'm thinking about it.)

The lead attorney at H+D Washington working on this was Geoffrey Stewart
(sorry I forgot your name, Geoff!), with assistance from David Sylvester.


There were a series of meetings through the fall and early winter of 1989 on
related topics, all spawned by the initial 'how to get vendors to fix bugs'
thing.

There was an "IAB/IESG Liability Meeting" (as it was called on the agenda
aheet, although only myself, Vint, Phill, Geoff and Scott Bradner were listed
as attending) on October 26, 1989, and that one includes the 'Standards Group
Liabilty' as an agenda bullet - I suspect that's the meeting where I remember
Vint's consternation from! I have a copy of a note prepared after the meeting
which summarizes the content of the meeting, and lists action items; I don't
know who prepared it, but it seems to have been either Phill or Scott. The
action items include preparation of the memos listed below, and also one on
standards body liability - I think the effort forked at that point, with bugs
on one, and potential I* liability on the other.

There was a meeting (I have a hand-written sign-in sheet for this one) of an
"Ad-Hoc Liability WG" on Nov 29, 1989 attended by Vint, Geoff, Scott, Jeff
Schiller, Greg Vaudreil, David Sylvestre, and Phill. I don't seem to have
anything else on that one.

Finally, there was a meeting (again, a hand-written sign-in sheet) on December
14, 1989, which might actually have been the one at which the group of analytic
memos I spoke of in a previous message was distributed. The attendees were
Geoff, Craig Patridge, Ed DeHart, Rich Pethia, Scott, me, Jeff, David, Greg and
Phill.


Somehow the CERT seems to have gotten roped in by that point (which makes some
sense, since it was set up to deal with security problems), since the group of
analytic memos (4 of them, bound into a big book) speak of the CERT; the cover
memo is also addressed to "Members of the IESG". The four memos in the packet
are:

- Libabilities of Software Manufacturers For Failure to Correct Deficiencies in
Software After Notification by The CERT

- Libabilities of Computer Services Providers For Failure to Correct Security
Deficiencies in Software After Notification by The CERT

- Potential Libabilities of The CERT Arising From Notification to Manufacturers
and Users of Security Deficiencies in Software

- Potential Libabilities of Persons Who Report Possible Security Deficiencies
in Software to The CERT

They were distributed at a meeting which might have been on November 29, 1989
(so claims the cover memo), but it might have been the December 14 meeting, as
I see that meeting includes some CERT people. Or perhaps there were two
meetings?

Alas, my memory (that I paid for this) is incorrect, so I can't confirm if
there was a November 29, meeting. I carefully checked my Hale+Dorr bills from
then, but Geoff didn't charge any hours, so it must have been pro bono work by
H+D.

	Noel

More information about the Internet-history mailing list