[Normally I wouldn't reply to something like this to the whole
list, since it's a bit ad hominem even for the firewalls mailing
list, and it's really best to say these things offline where
there's less room for mutual embarrassment. However, since Karen
seems to have some misonceptions about me that she's willing to
publicly air, I'd like a chance to correct them.]
K Goertzel <goertzek @
>I just warn those on this group who hadn't already figured it out
>for themselves that Mr. Ranum's extremely negative opinions vis
>the NSA evaluation process are highly biassed and should in no way
>be taken as fact, or even as representative of a rational opinion
>on the subject.
Negative opinions should never be "taken as fact." They
are, indeed, opinions. They also are, indeed, extremely negative,
with respect to many aspects of the ITSEC. People who have had
the intestinal fortitude to follow some of my other opinions will
recall that I have often pointed out that basically, ITSEC is not
a bad idea - it's just a flawed, useless implementation.
Anyhow - be that as it may - I don't think the readership
of this mailing list is so dumb that you need to come in and play
umpire, effectively saying, "Marcus is a whacko and is not rational
on this topic." If the readership of this list decides that, they
are welcome to -- but I doubt they need your help. I'm sure that
everyone appreciates your selfless(*) efforts, though.
>While TCSEC and ITSEC evaluations have their
>problems, Mr. Ranum, an ex-TIS employee who clearly feels he was
>somehow "burned" by the TCSEC evaluation process at "high assurance"
>levels, clearly has an axe to grind that prevents him from providing
>anything like a helpful, well-reasoned opinion of these matters.
Actually, I can see how someone who knows nothing about
me or who has never met me might jump to such a completely inaccurate
conclusion. What's impressive is that you had the courage to post
it to the entire list, and the lack of wisdom to ask me offline
if it was the case. :)
That being said, when I worked at TIS I had nothing whatever
to do with the TCSEC systems or process. In fact, never, once, in
my career have I had anything more than a peripheral involvement
with TCSEC or its systems. It has never cost me any time, money, or
pain. My work at TIS was strictly butthonholed into firewalls and
the whitehouse.gov work, and my only association with TCSEC
systems was from watching the smoke clouds and battle-damage
at a distance. It *DID* give me a good opportunity to learn
more about them, and to decide that practically it is an
That you feel I clearly have an axe to grind is somewhat
correct: I think that TCSEC is a false god that has set computer
security back 10 years, through its mindless adherence to rote
checklists and entrenched procedures, rather than a creative and
dynamic approach. I am an engineer, not a politician, or marketer,
and I despise seeing "solutions" that do not work foisted off
on the taxpayers (some of whom read this list!) as god's own
solution to every problem on earth.
But, whether or not I think TCSEC is stupid, or whether
or not you feel I am irrational on the topic, I'd prefer you to
address my arguments on their merits, rather than by trying to
dismiss me to the readership at large as a whacko.
They already *KNOW* I am a whacko, Karen. :)
But that doesn't mean I am *WRONG*.
Rick, from SCTC, has made lots of postings to this
forum, which represent the good parts of the TCSEC process.
Yes - people have learned a lot of useful things from it.
Indeed, it has produced security expertise such as Rick
represents. That's great and that's valuable.
What sends me off is when vendors, who have invested
huge amounts of their money (and huge amounts of the taxpayer's
money!) to produce systems that are unworkable, unweildy, and
obsolete, try to push them off as something that is cutting
edge and wonderful -- and it works. The vendors are ruthlessly
exploiting the customers' ignorance about security. It is
short-sighted and fundamentally wrong and if you detect that
I am annoyed by that fact, you are 100% correct.
Look at the recent nonsense from Microsoft, where
they lobbied through a certification of Windows NT at C2(yawn!)
so they could tout it as a secure system and score marketing
points. Doesn't that bother you just a little bit??? Many of
the people who read this list understand the bogosity of
Microsoft's move - I'd be surprised if a few of the vendors
who have slaved in the TCSEC world aren't a bit annoyed by
What has happened to TCSEC is that it's no longer
about security, it's about politics, vendor lock-out, rigging
procurements by eliminating more cost-effective systems,
and turf warfare within the DOD community. *THAT* is the
part of TCSEC that I have seen. So, yes, I tend to throw
the baby out with the bathwater. Sometimes it's worth it.
>As for his opinions on MULTICS, I happen to know many dozens of
>former Multicians, all of whom would loudly disagree with his "one
Yep, that's fine. There are always a few. I know folks
who swear TOPS-10 is the best thing (still!) since sliced bread.
That's fine. But you can't tell me it's state of the art. :)
I kind of wish I hadn't thrown away my DOCKMASTER manuals. The
command environment of MULTICS is useful for would-be UNIX
gurus to study as compuarcheology. It shows you clearly what
K&T&R were reacting *TO* when they designed UNIX. And why. :)
>I do not wish to start a flame war with Mr. Ranum, but I have been
>following his opinions on high-assurance evaluations for several
>months now, and have yet to find anything like a calm, well-reasoned
>opinion in any of his diatribes on the subject.
Obviously! :) Launching ad hominem attacks is the classic
way of not starting a flame war! :)
Rick Smith has been doing an excellent job of pointing
out the good parts of the orange book approach, and has been
rationally contrasting the perspective I am presenting (the
"just hack it!" engineer) against the formal methodologist.
That's a worthwhile discussion.
If you think my diatribes are irrational, that's fine,
but simply trying to dismiss me is not a very strong argument
against my position.
>Karen Goertzel Manager, International Programmes and Special Projects
>Secure Systems and Services Operation Wang Federal, Inc. 7900
>Westpark Drive - MS 700 McLean, Virginia 22102-4299