Re: C2 vs Common Criteria [was: RE: Is this mail list dead?]
LA Walsh wrote:

> Secure = I've made my system a complex enough puzzle to put off most
> people.

I have a problem with that one. The above spec. describes security through
obscurity. Here's my take:

Secure: system architected such that only proper presentation of authentication
and authorization credentials permits access, and forging said credentials
requires solving intractable problems (e.g. factoring 1000 bit primes).

Apparently Secure: no method is *known* to allow an attacker to violate
security. Obscurity makes it hard to find such means to violate security, so
obscurity enhances Apparent Security(tm:-)

Trusted: no method is known to allow an attacker to violate security, and some
fairly qualified people have looked really hard, and documented the places they
looked.

"Trusted", as in, "some folks trust this thing because they checked it out real
good." :-)

Crispin
--
Crispin Cowan, Ph.D.
Chief Research Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution: http://immunix.org
-
Securedistros: A common list for all secured Linux distributions
Archive: http://humbolt.nl.linux.org/lists/