Return to BSD News archive
Path: euryale.cc.adfa.oz.au!olive.mil.adfa.oz.au!navmat.navy.gov.au!posgate.acis.com.au!warrane.connect.com.au!news.syd.connect.com.au!news.mel.connect.com.au!munnari.OZ.AU!spool.mu.edu!howland.reston.ans.net!cs.utexas.edu!not-for-mail From: dhs@cs.utexas.edu (Douglas H. Steves) Newsgroups: comp.os.linux.development.system,comp.os.linux.misc,comp.os.linux.networking,comp.unix.bsd.freebsd.misc,comp.unix.bsd.netbsd.misc,comp.unix.bsd.bsdi.misc Subject: Re: need secure OS to entrust millions to Date: 25 Feb 1996 10:26:17 -0600 Organization: CS Dept, University of Texas at Austin Lines: 24 Message-ID: <4gq2j9$2g48@babyhuey.cs.utexas.edu> References: <4gi6t6$3h9@lace.colorado.edu> <31304401.3341@pinsight.com> NNTP-Posting-Host: babyhuey.cs.utexas.edu Xref: euryale.cc.adfa.oz.au comp.os.linux.development.system:18064 comp.os.linux.misc:88628 comp.os.linux.networking:29759 comp.unix.bsd.freebsd.misc:14389 comp.unix.bsd.netbsd.misc:2329 comp.unix.bsd.bsdi.misc:2471 In article <31304401.3341@pinsight.com>, Roy A. Gilmore <royg@pinsight.com> wrote: >Banks need B1-B2 level security. No. Most of the functional differences at B1+ are related to mandatory [sic] access controls, which is a DoD-ish policy/fetish that doesn't apply to commercial environments. A lot of the remainder are miscontrived and misconstrued software engineering fallacies that have nothing to do with real security. > Read the DoD's "Rainbow Series". The pot at the end of the "Rainbow Series" doesn't contain gold. >Must be "amateur hour" again. Feel sorry for your customers... Ditto. More generally, I feel sorry for people that use systems designed according to the NSA/NCSC misapprehensions in this area. Their secure OS policies are almost as ludicrous as their crypto policies, and just about as damaging. >// America Online: RAGged Roy // Sorry - didn't realize *who* I was talking to. Doug