Date: Mon, 13 Oct 1997 09:31:10 +0000 (GMT) From: Terry Lambert <tlambert@primenet.com> To: dcarmich@mcs.com (Douglas Carmichael) Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: C2 Trusted FreeBSD? Message-ID: <199710130931.CAA22060@usr08.primenet.com> In-Reply-To: <199710130125.UAA00293@dcarmich.pr.mcs.net> from "Douglas Carmichael" at Oct 12, 97 08:25:29 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> Could FreeBSD be made to comply with B1 or C2 trusted system standards > FOR REAL (unlike NT that can only comply when not hooked up to a network)? Networks are problematic. They require authentication in the form of a "ticket" or "cookie". Technically, one can always fake a "cookie", and the time limitation is meant to shorten (but not eliminate) the window in which the "cookie" is valid. FreeBSD could easily be made C2 compliant. B1 is a bith, in that it pretty much requires the network authentication go away. If I can't trust a remote machine, I can't trust it to say "yes, this person is who I say he or she is...". Security comes down to no external connections and a marine guard at the door of the Tempest vault, in most cases. 8-). Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199710130931.CAA22060>