From owner-freebsd-security  Fri Mar 12  6: 9:56 1999
Delivered-To: freebsd-security@freebsd.org
Received: from exchange.sds.no (exchange.sds.no [139.105.2.11])
	by hub.freebsd.org (Postfix) with ESMTP id 3E9E6152AC
	for <freebsd-security@FreeBSD.ORG>; Fri, 12 Mar 1999 06:09:44 -0800 (PST)
	(envelope-from Espen.Torseth@sds.no)
Received: by exchange.sds.no with Internet Mail Service (5.5.2232.9)
	id <GXDFR6YT>; Fri, 12 Mar 1999 15:09:23 +0100
Message-ID: <5C6B5666DB52D211BAA50000F6B9956A6401@nt1gj.da.posten.no>
From: Espen Torseth <Espen.Torseth@sds.no>
To: 'Robert Watson' <robert+freebsd@cyrus.watson.org>,
	Matthew Dillon <dillon@apollo.backplane.com>
Cc: andrewr <andrewr@slack.net>, Archie Cobbs <archie@whistle.com>,
	Andrew McNaughton <andrew@squiz.co.nz>, freebsd-security@FreeBSD.ORG
Subject: RE: disapointing security architecture
Date: Fri, 12 Mar 1999 15:09:36 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2232.9)
Content-Type: text/plain
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The Rainbow-series is availble from:

	http://www.radium.ncsc.mil/tpep/

The TCSEC is now beeing replaced by CC (Common Criteria).
And certification is a costly process... :-(

Espen Torseth
espen.torseth@sds.no

> -----Original Message-----
> From:	Robert Watson [SMTP:robert@cyrus.watson.org]
> Sent:	12. mars 1999 14:51
> To:	Matthew Dillon
> Cc:	andrewr; Archie Cobbs; Andrew McNaughton;
> freebsd-security@FreeBSD.ORG
> Subject:	Re: disapointing security architecture
> 
> On Thu, 11 Mar 1999, Matthew Dillon wrote:
> 
> >     It would be hillarious if we could get a C2 certification for a base
> >     GENERIC system.
> 
> I think that would be great also, although possibly not GENERIC :-).
> POSIX.1e was intended to match the requirements of the various colored
> books.  Once we have Auditing and ACLs, I suspect we are getting fairly
> close to C2-capable.  I've never actually read those specs though--anyone
> know if they are still available, and if so have an ISBN?  If not, I can
> go dig up a reference librarian and have them find it for me, but Amazon
> is usually easiest :-).  
> 
> C2 certification is presumably also an expensive process; if someone wants
> to find a sponsor, we could almost certainly achieve C2 compliance with a
> little restriction of the base system and appropriate POSIX.1e options.
> Having a nice big "C2-Compliant!" stamp on the 4.0 CD would blow the
> competition out of the water (so to speak) and certainly be excellent PR.
> 
>   Robert N Watson 
> 
> robert@fledge.watson.org              http://www.watson.org/~robert/
> PGP key fingerprint: 03 01 DD 8E 15 67 48 73  25 6D 10 FC EC 68 C1 1C
> 
> Carnegie Mellon University            http://www.cmu.edu/
> TIS Labs at Network Associates, Inc.  http://www.tis.com/
> Safeport Network Services             http://www.safeport.com/
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message