At 06:19 PM 9/5/96 -0400, you wrote:
>> Of course C2 security is better than no security, but C2 was never
>> ...
>Welll ....... it is if you understand its limitations. Otherwise ...
<snip>
>(1) B1 is not much better than C2.
>(2) The strengths of B2 and above are related to the high assurance issues
> rather than to the features. At B2 you have a very good expectation
<snip>
>I would also argue the issue that TCSEC strictly addressed the military.
<snip>
Using ancient government specs for leading edge technology is like trying
to wedge square pegs into round holes.
Since none of the existing certification processes comply with our requirements
for firewalls, why not write our own security certification? Let Gatekeepers
write an RFC as a customer writes a RFQ.
The "Great Circle Firewall-List certification version 1.0", or gcfl-1.
There. I said it. 'Make it so', and 'Engage'.
Bill Stout
_______________________________________________________________________________
Senior Systems Admin NT/UNIX/I-net/Routers/Mainframes/Janitor ;)
Hitachi Data Systems 408-970-4822 --- Disclaimer: I speak only for myself
___________"Infowar, Cyber-war, yes, 'they' _are_ out to get you..."___________
|
|
