From owner-freebsd-hackers Mon Oct 13 02:31:17 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id CAA06233 for hackers-outgoing; Mon, 13 Oct 1997 02:31:17 -0700 (PDT) (envelope-from owner-freebsd-hackers) Received: from usr08.primenet.com (tlambert@usr08.primenet.com [206.165.6.208]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id CAA06226 for ; Mon, 13 Oct 1997 02:31:13 -0700 (PDT) (envelope-from tlambert@usr08.primenet.com) Received: (from tlambert@localhost) by usr08.primenet.com (8.8.5/8.8.5) id CAA22060; Mon, 13 Oct 1997 02:31:11 -0700 (MST) From: Terry Lambert Message-Id: <199710130931.CAA22060@usr08.primenet.com> Subject: Re: C2 Trusted FreeBSD? To: dcarmich@mcs.com (Douglas Carmichael) Date: Mon, 13 Oct 1997 09:31:10 +0000 (GMT) Cc: freebsd-hackers@FreeBSD.ORG In-Reply-To: <199710130125.UAA00293@dcarmich.pr.mcs.net> from "Douglas Carmichael" at Oct 12, 97 08:25:29 pm X-Mailer: ELM [version 2.4 PL23] Content-Type: text Sender: owner-freebsd-hackers@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > Could FreeBSD be made to comply with B1 or C2 trusted system standards > FOR REAL (unlike NT that can only comply when not hooked up to a network)? Networks are problematic. They require authentication in the form of a "ticket" or "cookie". Technically, one can always fake a "cookie", and the time limitation is meant to shorten (but not eliminate) the window in which the "cookie" is valid. FreeBSD could easily be made C2 compliant. B1 is a bith, in that it pretty much requires the network authentication go away. If I can't trust a remote machine, I can't trust it to say "yes, this person is who I say he or she is...". Security comes down to no external connections and a marine guard at the door of the Tempest vault, in most cases. 8-). Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers.