From owner-freebsd-security  Mon Jul 10 10:20:02 1995
Return-Path: security-owner
Received: (from majordom@localhost)
          by freefall.cdrom.com (8.6.10/8.6.6) id KAA16024
          for security-outgoing; Mon, 10 Jul 1995 10:20:02 -0700
Received: from mgs.mgsinc.com (root@[204.183.227.2])
          by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id KAA16011
          for <security@freebsd.org>; Mon, 10 Jul 1995 10:19:48 -0700
Received: from loc10.mgsinc.com ([204.183.227.10]) by mgs.mgsinc.com (8.6.12/8.6.9) with SMTP id NAA02503; Mon, 10 Jul 1995 13:16:24 -0400
Date: Mon, 10 Jul 95 12:54:37 PDT
From: "Michael J. Caughey" <mcaughey@mgsinc.com>
Subject: Re: Byet April 95 no ref to screennd 
To: "Michael J. Caughey" <mcaughey@mgsinc.com>,
        Paul Traina <pst@shockwave.com>
Cc: Pete Kruckenberg <pete@dsw.com>, Tom Samplonius <tom@uniserve.com>,
        Julian Howard Stacey <jhs@vector.eikon.e-technik.tu-muenchen.de>,
        security@freebsd.org
X-Mailer: Chameleon ARM_55, TCP/IP for Windows, NetManage Inc.
Message-ID: <Chameleon.950710131831.mcaughey@loc10.mgsinc.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: security-owner@freebsd.org
Precedence: bulk


>I'd be surprised if you could find -any- firewall package that would
>"legally validate its security."  An author or company would have to
>be positively and absolutely insane to do so,  and I'd run away from
>them as quickly as possible, because I'd figure if they're that stupid
>then their product is probably crap too.
>

   I can see what your trying to say.  I don't want to get into a heated flame war 
here, so let me explain myself.  I simply asked if I could purchase the Product from 
him, Paul Vixie, and he said he could not legally do so.  I never mentioned "legally 
validate its security".  He said, his hands were tied legally to sell it.   When I 
tried to set up some kind of support plan with him he said, no problem.  Then said he 
wasn't sure if he could legally do that.  Of course this wasn't definate, but it was 
left to that about three weeks ago and I have yet to here from him.  I started talking 
with him about three or four weeks pirior to that. 

	As far selling a product that is secure that is supposed to provide security, 
I would expect some sort of legal statement that it can provide some level of 
security.  Quite obiviously, certian limitations would be expectable, such as if 
someone got root on your system because you failed to properly configure it.

	The level of security I was looking for to make sure there were no "BACK 
DOORS" that someone could use.   I don't believe that is to much to ask for from the 
author of a product, especially one that is to be part of your network security.  But 
he said he could not do so.  

I'm sorry if you miss understood me.



END
------------------------------------------
Name   : Michael Caughey
E-mail : mcaughey@mgsinc.com

MGS, Inc.           Phone   (804) 379-0230
Richmond, Va        Fax     (804) 379-1299

Eastern Daylight Time: 12:54:37 , 07/10/95
------------------------------------------