> Date: Thu, 30 Nov 95 09:59:46 -0500
> From: "K Goertzel" <goertzek @
> Subject: Re: A1 Systems?
> While TCSEC and ITSEC evaluations have their problems....
> As for his opinions on MULTICS, I happen to know many dozens of former
> Multicians, all of whom would loudly disagree with his "one man's opinion".
> I do not wish to start a flame war with Mr. Ranum, but I have been following his
> opinions on high-assurance evaluations for several months now, and have yet to
> find anything like a calm, well-reasoned opinion in any of his diatribes on the
I'm not going to stick-up for Marcus. He's a big boy and can do that
for himself. The more inportant question is "What does it have to do
with Firewalls ?" A-1 features may be fine if you need them to
support your security policy. Do you need to implement them on your
firewall ? I don't know...it is your policy and firewall, isn't it ?
The main point I see is that high security and assurance of that
security (2 different animal) has high overhead (system and
administrative). Many of us (at least I) would be happy to have a
high assurance C-2 file server and a relativly "snoop-free" net. A-1
has a very limited customer base and an even lower interest base
Bob Resino (GS-334/12) Data-Telecommunications Div
804-398-7400 Ext 322 Medical Construction Liaison
" To be or not to be ... HSO, Norfolk, VA 23508-1200
was there any doubt"