Great Circle Associates Firewalls
(July 1996) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: NCSA Certification
From: Robert Bonomi <bonomi @ delta . eecs . nwu . edu>
Date: Mon, 1 Jul 1996 10:35:50 -0500 (CDT)
To: firewalls @ GreatCircle . COM 
+ From: CMH @
 Interramp .
 com (Corey M. Horowitz)
+ Subject: Re: NCSA Certification
+ Cc: firewalls @
 GreatCircle .
 COM
+ Sender: firewalls-owner @
 GreatCircle .
 COM
+ 
+ At 08:34 AM 7/1/96, gary flynn wrote:
+ >> I think some  important  important questions need to asked:
+ >>
+ >> 1.  Who appointed the NCSA as the proper body to approve firewalls?
+ >>
+ >
+ >I think your questions are valid but I think the underlying
+ >principle is "lead, follow, or get the hell out of the way" :-)
+ 
+ 
+ I think you're all missing the point.  I have no problem with the concept
+ of the NCSA or any other responsible body acting as a protector of the
+ public interest in insuring that all firewall products deliver the security
+ promised or, at a minimum, necessary to adequately protect our networks.
+ The mission statement is admirable.  The execution is faulty.
+ 
+ According to Mr. Tippett, President of NCSA, "the NCSA tries to act in this
+ regard like a government agency for the commercial sector." (Communications
+ Week. June 17).   What goverment agency requires membership for a fee prior
+ to testing a vendors product?  Moreover, isn't the NCSA's list just an
+ advertisement unless all firewall vendors are invited to have their product
+ tested irrespective of membership in the NCSA?  Does the list state that it
+ is an ad for the NCSA and its members?
+ 
+ Mr Tippett adds  " "you shouldn't buy a firewall that hasn't been tested
+ and certified, just like youshuldn't buy a  lamp that does not have a UL
+ stamp on it." (Communications Week, June 17).  I don't believe the UL is a
+ for-profit organization nor is any vendor's product not acceptable for
+ testing.


I'll admit ignorance about UL's for-profit status, and I'll agree that they
-wiLl- test anything for anybody.  I would point out that they -CHARGE- for
doing that testing, however. 

I'll suggest that there's no problem with NCSA charging a fee for the eval-
uation, *even*if* there are different fee schedules for members/non-members.

Does anybody _know_ if NCSA -would- test a non-member implementation?
Indexed By Date Previous: NT security--Bill Stout's list
From: dnewman @ mcgraw-hill . com
Next: Re: NCSA Certification -Reply
From: "Samuel T. Baker" <sbaker @ mail . state . tn . us>
Indexed By Thread Previous: Re: NCSA Certification
From: Ian Johnstone-Bryden <ianj-b @ dial . pipex . com>
Next: Re: NCSA Certification -Reply
From: "Samuel T. Baker" <sbaker @ mail . state . tn . us>
Google
 
Search Internet Search www.greatcircle.com