From owner-freebsd-security@FreeBSD.ORG Wed Mar 15 12:01:44 2006 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0DC0216A420 for ; Wed, 15 Mar 2006 12:01:44 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5E65B43D69 for ; Wed, 15 Mar 2006 12:01:27 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id 92A9C46BA1; Wed, 15 Mar 2006 07:01:02 -0500 (EST) Date: Wed, 15 Mar 2006 12:02:19 +0000 (GMT) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: Dag-Erling =?iso-8859-1?Q?Sm=F8rgrav?= In-Reply-To: <86irqhf6om.fsf@xps.des.no> Message-ID: <20060315115842.M5861@fledge.watson.org> References: <4415C065.7040206@elischer.org> <4416C64C.7090309@open-networks.net> <86irqhf6om.fsf@xps.des.no> MIME-Version: 1.0 Content-Type: MULTIPART/MIXED; BOUNDARY="0-1890501141-1142424139=:5861" Cc: Timothy Smith , freebsd-security@freebsd.org, Julian Elischer , Jason M Subject: Re: DSD Approved Products X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Mar 2006 12:01:44 -0000 This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --0-1890501141-1142424139=:5861 Content-Type: TEXT/PLAIN; charset=iso-8859-1; format=flowed Content-Transfer-Encoding: QUOTED-PRINTABLE On Tue, 14 Mar 2006, Dag-Erling Sm=F8rgrav wrote: > Timothy Smith writes: >> it can't be too hard to get on that list. windows 2000 is on there. > > Very funny. > > Getting a Common Criteria certification requires: > > - a big wad of money > - lots and lots of very boring paperwork > - an even bigger wad of money > > Sadly, Microsoft has that, and we don't. Having been involved in the certication process for Mac OS X, I know a litt= le=20 about this process now, and the main thing to understand is that the common= =20 criteria process is about certifying products from vendors. We have a=20 product, but we're not actually a vendor. Vendors are typically the ones t= hat=20 find the rather large sums of cash required to complete the certification= =20 process. That said, we're now at the point where we basically have all the required= =20 functionality for a CAPP evaluation in 7.x-CURRENT, and I'll be merging the= =20 audit support to 6.x in the near future. I had hoped to ship it in 6.1, bu= t=20 things haven't gone quite as quickly as I hoped. I'll MFC the security aud= it=20 support pretty quickly after the 6.1 release now that it has settled out so= me=20 in CVS HEAD. There is some additional functional work that needs to be don= e,=20 but it is generally in progress at this point. Something we can do to make a CAPP evaluation for FreeBSD easier is to star= t=20 providing the security target documentation and assurance documentation.=20 That way if a vendor turns up and is interested in certifying, it will be a= =20 lot easier for them. Robert N M Watson --0-1890501141-1142424139=:5861--