From owner-freebsd-hackers Mon Oct 13 04:37:28 1997
Message-Id: <199710131136.MAA09217@monoid.cs.tcd.ie>
To: Terry Lambert
cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: C2 Trusted FreeBSD?
X-Address: Department of Computer Science, Trinity College, Dublin 2, Ireland.
In-reply-to: Message from Terry Lambert dated today at 09:31.
Date: Mon, 13 Oct 1997 12:36:41 +0100
From: Colman Reilly

FreeBSD could easily be made C2 compliant. B1 is a bitch, in that it pretty much requires the network authentication go away. If I can't trust a remote machine, I can't trust it to say "yes, this person is who I say he or she is...".

One of the reasons I prefer the ITSEC model is that it allows you to write down your own security claims depending on what you want to be able to say. Far more flexible than Orange Book.

In any case, there's nothing in B1 to prevent you trusting an external machine, so long as it comes in over a secure enough channel. Consider the external machine as part of the system. (Is there? Not on my reading of the standard anyway.)

Security comes down to no external connections and a marine guard at the door of the Tempest vault, in most cases. 8-).

With a small nuclear device attached to your hardware in case the guards are overcome.

Colman