From owner-freebsd-chat  Fri Mar 14  9:31:58 2003
Delivered-To: freebsd-chat@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2B9BE37B404
	for <freebsd-chat@freebsd.org>; Fri, 14 Mar 2003 09:31:56 -0800 (PST)
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 1640643FBF
	for <freebsd-chat@freebsd.org>; Fri, 14 Mar 2003 09:31:55 -0800 (PST)
	(envelope-from des@ofug.org)
Received: by flood.ping.uio.no (Postfix, from userid 2602)
	id A33755308; Fri, 14 Mar 2003 18:31:53 +0100 (CET)
X-URL: http://www.ofug.org/~des/
X-Disclaimer: The views expressed in this message do not necessarily
  coincide with those of any organisation or company with
  which I am or have been affiliated.
To: "Gregory A. Gilliss" <ggilliss@netpublishing.com>
Cc: freebsd-chat@freebsd.org
Subject: Re: Linux and Oracle Going for Security Certification
From: des@ofug.org (Dag-Erling =?iso-8859-1?q?Sm=F8rgrav?=)
Date: Fri, 14 Mar 2003 18:31:52 +0100
In-Reply-To: <20030314170248.GA40497@netpublishing.com> ("Gregory A.
 Gilliss"'s message of "Fri, 14 Mar 2003 09:02:48 -0800")
Message-ID: <xzp4r65am7r.fsf@flood.ping.uio.no>
User-Agent: Gnus/5.090015 (Oort Gnus v0.15) Emacs/21.2
References: <20030314170248.GA40497@netpublishing.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-chat.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-chat>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-chat>
X-Loop: FreeBSD.org

"Gregory A. Gilliss" <ggilliss@netpublishing.com> writes:
> details how Oracle and Red Hat are attempting to have RH Linux certified
> for an EAL2 certification.  A successful eval will allow RH (and Oracle,
> who are adopting the platform aggressively) to create a "standard" secure
> distro, which will almost certainly be adopted by the public and private
> sector.

As has already been pointed out in other fora, an EAL certification -
especially EAL2, which is the second lowest level rung on the 7-rung
EAL ladder - means absolutely nothing.  Microsoft Windows 2000 SP3 was
recently certified at EAL4.  I'm sure the RedHat are *real* proud that
(if you give EAL certification any credence) their OS is certifiably
less secure than Windows 2000, by about two levels of magnitude.

DES
-- 
Dag-Erling Smorgrav - des@ofug.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message