[NCAP-Discuss] Additional comments on the comments to the Scarfone Draft

[Jeff Schmidt]

> Did you try CI for corp.com to mitigate the risks?  Was it effective?
. . . 
> There is evidence, collisions have occurred after CI periods have ended, no?

Actually, really important questions.  If the definition of success is zero collisions, we should shut down the Internet now and go home (well, we're all already home...).  There will never be zero collisions; what is acceptable? Depends on the "story" as we just discussed on the call.  It's a string-by-string risk-based evaluation.  

> Further, the most virulent types of attacks are never going to be reported.

I've seen the most virulent types of attacks.  They happened in corp.com.  Because of a unicorn.

Jeff