From owner-securedistros@nl.linux.org Thu Jan 13 20:10:49 2000
Received: by humbolt.nl.linux.org id <S92233AbQAMTJ0>;
	Thu, 13 Jan 2000 20:09:26 +0100
Received: from firewall.humongous.com ([206.165.251.1]:13592 "HELO
        firewall.humongous.com" smtp-auth: <none>) by humbolt.nl.linux.org
	with SMTP id <S92222AbQAMTJB>; Thu, 13 Jan 2000 20:09:01 +0100
Received: from [10.0.150.201] by firewall.humongous.com
          via smtpd (for humbolt.geo.uu.nl [131.211.28.48]) with SMTP; 13 Jan 2000 19:16:12 UT
Received: by BIGPIG with Internet Mail Service (5.5.2448.0)
	id <ZL743LWS>; Thu, 13 Jan 2000 11:04:36 -0800
Message-ID: <3124AB5C4D11D31187DC005004185D1B025BC28A@BIGPIG>
From:   "Ford, Ken" <kenf@humongous.com>
To:     "'securedistros@nl.linux.org'" <securedistros@nl.linux.org>
Subject: 
Date:   Thu, 13 Jan 2000 11:04:29 -0800
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2448.0)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-securedistros@nl.linux.org
Precedence: bulk
Reply-To: securedistros@nl.linux.org
Return-Path: <owner-securedistros@nl.linux.org>
X-Orcpt: rfc822;securedistros-list

$ echo subscribe securedistros | mail majordomo@nl.linux.org
-
Securedistros: A common list for all secured Linux distributions
Archive:       http://humbolt.nl.linux.org/lists/

From owner-securedistros@nl.linux.org Thu Jan 13 23:19:48 2000
Received: by humbolt.nl.linux.org id <S92215AbQAMWS3>;
	Thu, 13 Jan 2000 23:18:29 +0100
Received: from ns1.umkc.edu ([134.193.1.2]:47882 "EHLO ns1.umkc.edu" smtp-auth:
        <none>) by humbolt.nl.linux.org with ESMTP id <S92240AbQAMWSD>;
	Thu, 13 Jan 2000 23:18:03 +0100
Received: from cstp.umkc.edu (IDENT:david@lucy [134.193.69.99])
	by ns1.umkc.edu (8.9.3/8.9.0) with ESMTP id QAA25591
	for <securedistros@nl.linux.org>; Thu, 13 Jan 2000 16:14:37 -0600 (CST)
Message-ID: <387E4E3A.7165B418@cstp.umkc.edu>
Date:   Thu, 13 Jan 2000 22:14:18 +0000
From:   "David L. Nicol" <dnicol@cstp.umkc.edu>
Organization: University of Missouri - Kansas City network operations
X-Mailer: Mozilla 4.7 [en] (X11; I; Linux 2.2.12-mosix i586)
X-Accept-Language: en
MIME-Version: 1.0
To:     securedistros@nl.linux.org
Subject: Re: 
References: <3124AB5C4D11D31187DC005004185D1B025BC28A@BIGPIG>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-securedistros@nl.linux.org
Precedence: bulk
Reply-To: securedistros@nl.linux.org
Return-Path: <owner-securedistros@nl.linux.org>
X-Orcpt: rfc822;securedistros-list

"Ford, Ken" wrote:
> 
> $ echo subscribe securedistros | mail majordomo@nl.linux.org
> -
> Securedistros: A common list for all secured Linux distributions
> Archive:       http://humbolt.nl.linux.org/lists/


uh, like, "ack" or something -- this message
hit the list not the butler
______________________________________________________
              David Nicol 816.235.1187 nicold@umkc.edu
"-b  Has no effect; ... This option is on by default."

From owner-securedistros@nl.linux.org Sat Jan 15 04:13:19 2000
Received: by humbolt.nl.linux.org id <S92199AbQAODL2>;
	Sat, 15 Jan 2000 04:11:28 +0100
Received: from storm.ca ([209.87.224.69]:54402 "EHLO mail.storm.ca" smtp-auth:
        <none>) by humbolt.nl.linux.org with ESMTP id <S92180AbQAODKs>;
	Sat, 15 Jan 2000 04:10:48 +0100
Received: from storm.ca (ppp003.ottawa.storm.ca [209.87.227.3])
	by mail.storm.ca (8.8.8+Sun/8.8.8) with ESMTP id WAA29540;
	Fri, 14 Jan 2000 22:07:08 -0500 (EST)
Message-ID: <387FE493.AE99F307@storm.ca>
Date:   Fri, 14 Jan 2000 22:08:03 -0500
From:   Sandy Harris <sandy@storm.ca>
X-Mailer: Mozilla 4.7 [en] (Win98; U)
X-Accept-Language: en,fr
MIME-Version: 1.0
To:     linux-ipsec@clinet.fi, securedistros@nl.linux.org
Subject: Future FreeS/WAN users?
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-securedistros@nl.linux.org
Precedence: bulk
Reply-To: securedistros@nl.linux.org
Return-Path: <owner-securedistros@nl.linux.org>
X-Orcpt: rfc822;securedistros-list

Slashdot reports the NSA have let a contract for a security-enhanced
Linux.

http://biz.yahoo.com/prnews/000113/ca_secure__1.html

Somehow I suspect this code may not be open source.

From owner-securedistros@nl.linux.org Sat Jan 15 05:04:13 2000
Received: by humbolt.nl.linux.org id <S92205AbQAOECe>;
	Sat, 15 Jan 2000 05:02:34 +0100
Received: from adsl-216-103-8-86.dsl.sndg02.pacbell.net ([216.103.8.86]:26117
        "HELO freeside.ultraviolet.org" smtp-auth: <none>)
	by humbolt.nl.linux.org with SMTP id <S92170AbQAOEBr>;
	Sat, 15 Jan 2000 05:01:47 +0100
Received: (qmail 25297 invoked by uid 500); 15 Jan 2000 03:58:46 -0000
Date:   Fri, 14 Jan 2000 19:58:46 -0800
From:   Tracy R Reed <treed@ultraviolet.org>
To:     securedistros@nl.linux.org
Cc:     linux-ipsec@clinet.fi
Subject: Re: Future FreeS/WAN users?
Message-ID: <20000114195846.F13016@ultraviolet.org>
References: <387FE493.AE99F307@storm.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <387FE493.AE99F307@storm.ca>; from sandy@storm.ca on Fri, Jan 14, 2000 at 10:08:03PM -0500
Sender: owner-securedistros@nl.linux.org
Precedence: bulk
Reply-To: securedistros@nl.linux.org
Return-Path: <owner-securedistros@nl.linux.org>
X-Orcpt: rfc822;securedistros-list

On Fri, Jan 14, 2000 at 10:08:03PM -0500, Sandy Harris wrote:
> Slashdot reports the NSA have let a contract for a security-enhanced
> Linux.
> 
> http://biz.yahoo.com/prnews/000113/ca_secure__1.html
> 
> Somehow I suspect this code may not be open source.

Lots of people have been saying this but I don't quite understand how that can
be. Unless the NSA never distributes their work to any other agency or
organisation they cannot close the source. Do you suggest that they will never
distribute it? Or do you suggest that they will blatantly break the law? If
they intended to do the latter they would have just classified the whole
project and never let anyone know about it.

--
Tracy Reed      http://www.ultraviolet.org
PPTP = Native American outhouse

From owner-securedistros@nl.linux.org Sat Jan 15 05:43:17 2000
Received: by humbolt.nl.linux.org id <S92180AbQAOElq>;
	Sat, 15 Jan 2000 05:41:46 +0100
Received: from terra.geo.uu.nl ([131.211.29.16]:7931 "EHLO terra.geo.uu.nl"
        smtp-auth: <none>) by humbolt.nl.linux.org with ESMTP
	id <S92170AbQAOElX>; Sat, 15 Jan 2000 05:41:23 +0100
Received: from media.umbc.edu (IDENT:ray@media.umbc.edu [130.85.179.78])
	by terra.geo.uu.nl (8.9.3/8.9.3/TvZ) with ESMTP id FAA09368
	for <securedistros@nl.linux.org>; Sat, 15 Jan 2000 05:38:02 +0100 (MET)
Received: (from ray@localhost)
	by media.umbc.edu (8.8.7/8.8.7) id XAA10881
	for securedistros@nl.linux.org; Fri, 14 Jan 2000 23:36:34 -0500
Date:   Fri, 14 Jan 2000 23:36:34 -0500
From:   Ray Shaw <ray@media.umbc.edu>
To:     securedistros@nl.linux.org
Subject: Re: Future FreeS/WAN users?
Message-ID: <20000114233634.B10556@media.umbc.edu>
References: <387FE493.AE99F307@storm.ca> <20000114195846.F13016@ultraviolet.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <20000114195846.F13016@ultraviolet.org>; from treed@ultraviolet.org on Fri, Jan 14, 2000 at 07:58:46PM -0800
Sender: owner-securedistros@nl.linux.org
Precedence: bulk
Reply-To: securedistros@nl.linux.org
Return-Path: <owner-securedistros@nl.linux.org>
X-Orcpt: rfc822;securedistros-list


> > Slashdot reports the NSA have let a contract for a security-enhanced
> > Linux.
> be. Unless the NSA never distributes their work to any other agency or
> organisation they cannot close the source. Do you suggest that they will never

They may not intend to distribute it.  They can't be accused of being
open and giving in the past :)

If they have a 3rd party develop it for them, then the 3rd party must
release the full source of their modifications to whoever they allow
binaries.  If the NSA doesn't let them distribute binaries, then no
source, either.

I'm also very unclear as to exactly what is meant by
"security-enhanced Linux".  If they mean to include crypto, then they
can't feasibly distribute it anyway...I don't think that NSA qualifies
to use RSAREF2, so they'd have to get a license from RSA, but nobody
else (inside the US) would be allowed to use it.  Unless, however,
they worked out something where they could sell this product, like
RedHat selling their "Deluxe" package with SSL-Apache, and have a
licensing agreement.  It would be cool if someone would sell a Linux
distro w/ licensed SSL (stunnel, mod_ssl, etc.); companies would
really go for that.

--Ray

--------------------------------
Soto la panche, La capra crepa
Sopra la panche, La capra campa

From owner-securedistros@nl.linux.org Sat Jan 15 17:42:55 2000
Received: by humbolt.nl.linux.org id <S92210AbQAOQkj>;
	Sat, 15 Jan 2000 17:40:39 +0100
Received: from gamera.ucs.umbc.edu ([130.85.70.99]:57113 "HELO
        gamera.ucs.umbc.edu" smtp-auth: <none>) by humbolt.nl.linux.org
	with SMTP id <S92206AbQAOQkN>; Sat, 15 Jan 2000 17:40:13 +0100
Received: by gamera.ucs.umbc.edu (Postfix, from userid 37585)
	id 7A805CA277B; Sat, 15 Jan 2000 11:36:45 -0500 (EST)
Date:   Sat, 15 Jan 2000 11:36:45 -0500
From:   "J. Lasser" <jon@umbc.edu>
To:     Ray Shaw <ray@media.umbc.edu>
Cc:     securedistros@nl.linux.org
Subject: Re: Future FreeS/WAN users?
Message-ID: <20000115113645.B47124@gamera.ucs.umbc.edu>
References: <387FE493.AE99F307@storm.ca> <20000114195846.F13016@ultraviolet.org> <20000114233634.B10556@media.umbc.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <20000114233634.B10556@media.umbc.edu>; from ray@media.umbc.edu on Fri, Jan 14, 2000 at 11:36:34PM -0500
Sender: owner-securedistros@nl.linux.org
Precedence: bulk
Reply-To: securedistros@nl.linux.org
Return-Path: <owner-securedistros@nl.linux.org>
X-Orcpt: rfc822;securedistros-list

In the wise words of Ray Shaw:

> I'm also very unclear as to exactly what is meant by
> "security-enhanced Linux".  If they mean to include crypto, then they
> can't feasibly distribute it anyway...I don't think that NSA qualifies
> to use RSAREF2, so they'd have to get a license from RSA, but nobody
> else (inside the US) would be allowed to use it.  Unless, however,
> they worked out something where they could sell this product, like
> RedHat selling their "Deluxe" package with SSL-Apache, and have a
> licensing agreement.  It would be cool if someone would sell a Linux
> distro w/ licensed SSL (stunnel, mod_ssl, etc.); companies would
> really go for that.

Well, actually, the article I saw said something on capabilities
enhancement. This probably means posix-style rather than 'real'
capabilities, but who knows?

As far as crypto goes, this won't be a problem for long. First, of
course, are the new export regulations, which while not perfect sure
look better. Second, and to answer the issues above, the RSA patent
expires this year, in either September or October, after which the
patent and licensing issues are a moot point.

-- 
Fear leads to anger.            Jon Lasser   http://www.tux.org/~lasser/
Anger leads to hate.                 Work:  jon@umbc.edu    410-455-3708
Hate leads to suffering.             Home:  jon@lasser.org  410-383-7962
Suffering leads to book deals. -- Yoda, I think

From owner-securedistros@nl.linux.org Sat Jan 15 19:03:17 2000
Received: by humbolt.nl.linux.org id <S92209AbQAOSAz>;
	Sat, 15 Jan 2000 19:00:55 +0100
Received: from p020-05.netc.pt ([212.18.170.20]:22049 "HELO p020-05.netc.pt"
        smtp-auth: <none>) by humbolt.nl.linux.org with SMTP
	id <S92208AbQAOSAR>; Sat, 15 Jan 2000 19:00:17 +0100
Received: (qmail 18790 invoked by uid 1000); 15 Jan 2000 16:14:04 -0000
From:   l41484@alfa.ist.utl.pt
Date:   Sat, 15 Jan 2000 17:14:03 +0100
To:     securedistros@nl.linux.org
Subject: Re: Future FreeS/WAN users?
Message-ID: <20000115171403.A18631@cavorka.umm.home>
References: <387FE493.AE99F307@storm.ca> <20000114195846.F13016@ultraviolet.org> <20000114233634.B10556@media.umbc.edu> <20000115113645.B47124@gamera.ucs.umbc.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <20000115113645.B47124@gamera.ucs.umbc.edu>; from jon@umbc.edu on Sat, Jan 15, 2000 at 11:36:45AM -0500
Sender: owner-securedistros@nl.linux.org
Precedence: bulk
Reply-To: securedistros@nl.linux.org
Return-Path: <owner-securedistros@nl.linux.org>
X-Orcpt: rfc822;securedistros-list

On Sat, Jan 15, 2000 at 11:36:45AM -0500, J. Lasser wrote:
> In the wise words of Ray Shaw:
> 
> > I'm also very unclear as to exactly what is meant by
> > "security-enhanced Linux".  If they mean to include crypto, then they
> > can't feasibly distribute it anyway...I don't think that NSA qualifies
> > to use RSAREF2, so they'd have to get a license from RSA, but nobody
> > else (inside the US) would be allowed to use it.  Unless, however,
> > they worked out something where they could sell this product, like
> > RedHat selling their "Deluxe" package with SSL-Apache, and have a
> > licensing agreement.  It would be cool if someone would sell a Linux
> > distro w/ licensed SSL (stunnel, mod_ssl, etc.); companies would
> > really go for that.
> 
> Well, actually, the article I saw said something on capabilities
> enhancement. This probably means posix-style rather than 'real'
> capabilities, but who knows?

What I've understood from the article is that it has something along the
lines of compartmentalized areas, a little like HP's Virtual Vault.

--
Tiago Pascoal  (l41484@alfa.ist.utl.pt)               FAX : +351-1-7273394
Politically incorrect, and a (not very) prominent member of the "crummy generation".
Newly sworn-in (enlisted) citizen of the banana republic.

From owner-securedistros@nl.linux.org Mon Jan 17 12:39:35 2000
Received: by humbolt.nl.linux.org id <S92167AbQAQLh0>;
	Mon, 17 Jan 2000 12:37:26 +0100
Received: from kerberos2.troja.mff.cuni.cz ([195.113.28.3]:38436 "HELO
        kerberos2.troja.mff.cuni.cz" smtp-auth: <none>)
	by humbolt.nl.linux.org with SMTP id <S92166AbQAQLg4>;
	Mon, 17 Jan 2000 12:36:56 +0100
Received: (qmail 552 invoked from network); 17 Jan 2000 10:44:53 -0000
Received: from argo.troja.mff.cuni.cz (195.113.28.11)
  by humbolt.geo.uu.nl with SMTP; 17 Jan 2000 10:44:53 -0000
Received: (qmail 32489 invoked by uid 501); 17 Jan 2000 10:44:52 -0000
Date:   Mon, 17 Jan 2000 11:44:52 +0100 (MET)
From:   Pavel Kankovsky <peak@argo.troja.mff.cuni.cz>
To:     securedistros@nl.linux.org
Subject: Re: Future FreeS/WAN users?
In-Reply-To: <20000115171403.A18631@cavorka.umm.home>
Message-ID: <20000117112120.7EB7.0@argo.troja.mff.cuni.cz>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-securedistros@nl.linux.org
Precedence: bulk
Reply-To: securedistros@nl.linux.org
Return-Path: <owner-securedistros@nl.linux.org>
X-Orcpt: rfc822;securedistros-list

On Sat, 15 Jan 2000 l41484@alfa.ist.utl.pt wrote:

> On Sat, Jan 15, 2000 at 11:36:45AM -0500, J. Lasser wrote:
> > In the wise words of Ray Shaw:
> > 
> > > I'm also very unclear as to exactly what is meant by
> > > "security-enhanced Linux".  If they mean to include crypto, then they
...
> > Well, actually, the article I saw said something on capabilities
> > enhancement. This probably means posix-style rather than 'real'
> > capabilities, but who knows?
> 
> What i've understood from the article it has something in the lines of
> compartmentalized areas a little like HP's virtual vault.

They say they are going to add "Type Enforcement" to the kernel. Type
enforcement (or "domain and type enforcement", DTE) is a relatively simple
static mandatory access control policy that labels all objects with
"types", all subjects (including software components) with "domains", and
decides whether a particular access is permitted using a predefined
domains*types access matrix.

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
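
The access-matrix check described in the message above, as an added example that is not part of the original thread and not Secure Computing's code. The domain names, type names, paths and the rule that an object takes its type from the longest matching path prefix are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Access modes, combined as a bitmask. */
enum { ACC_R = 1, ACC_W = 2, ACC_X = 4 };

/* Constructed labels for this example; not taken from any real policy. */
enum dte_domain { D_NAMED, D_LOGIN, D_ADMIN, D_COUNT };
enum dte_type   { T_GENERIC, T_ZONE, T_LOG, T_SHADOW, T_COUNT };

/* Assumption: an object takes the type of its longest matching path prefix.
 * Paths are assumed to be canonical already; a real kernel implementation
 * would label the object itself rather than trust a path string. */
static const struct { const char *prefix; enum dte_type type; } labels[] = {
    { "/",           T_GENERIC },
    { "/var/named",  T_ZONE    },
    { "/var/log",    T_LOG     },
    { "/etc/shadow", T_SHADOW  },
};

/* The predefined domains x types matrix. Cells not listed are 0 (deny). */
static const unsigned char matrix[D_COUNT][T_COUNT] = {
    [D_NAMED] = { [T_GENERIC] = ACC_R, [T_ZONE] = ACC_R,
                  [T_LOG] = ACC_R | ACC_W },
    [D_LOGIN] = { [T_GENERIC] = ACC_R | ACC_X, [T_SHADOW] = ACC_R },
    [D_ADMIN] = { [T_GENERIC] = ACC_R | ACC_W | ACC_X,
                  [T_ZONE] = ACC_R | ACC_W, [T_LOG] = ACC_R,
                  [T_SHADOW] = ACC_R | ACC_W },
};

/* A subject carries a domain; its uid plays no part in the decision. */
struct subject { const char *name; unsigned uid; enum dte_domain domain; };

/* Length of the match if prefix covers path on a component boundary, else -1. */
static int prefix_len(const char *prefix, const char *path)
{
    size_t n = strlen(prefix);
    if (strncmp(prefix, path, n) != 0)
        return -1;
    if (n == 1)
        return 1;                      /* "/" covers every absolute path */
    if (path[n] != '\0' && path[n] != '/')
        return -1;                     /* "/var/named" must not match "/var/named2" */
    return (int)n;
}

/* Label lookup: longest matching prefix wins. */
enum dte_type dte_type_of(const char *path)
{
    enum dte_type t = T_GENERIC;
    int best = -1;
    for (size_t i = 0; i < sizeof labels / sizeof labels[0]; i++) {
        int n = prefix_len(labels[i].prefix, path);
        if (n > best) {
            best = n;
            t = labels[i].type;
        }
    }
    return t;
}

/* Mandatory check: every requested mode must be set in the matrix cell. */
int dte_permitted(const struct subject *s, const char *path, unsigned want)
{
    if ((unsigned)s->domain >= D_COUNT)
        return 0;
    return (matrix[s->domain][dte_type_of(path)] & want) == want;
}

int main(void)
{
    /* named runs as uid 0 here, yet is confined by its domain. */
    struct subject named = { "named", 0, D_NAMED };
    const char *paths[] = { "/var/named/example.zone",
                            "/var/log/named.log", "/etc/shadow" };
    for (size_t i = 0; i < sizeof paths / sizeof paths[0]; i++)
        printf("%s (uid %u) read=%d write=%d %s\n", named.name, named.uid,
               dte_permitted(&named, paths[i], ACC_R),
               dte_permitted(&named, paths[i], ACC_W), paths[i]);
    return 0;
}
```

Because the matrix is fixed ahead of time and consulted for every access, a compromised daemon running as root in the `D_NAMED` domain still cannot read the object typed `T_SHADOW`.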


From owner-securedistros@nl.linux.org Mon Jan 17 17:27:46 2000
Received: by humbolt.nl.linux.org id <S92171AbQAQQZF>;
	Mon, 17 Jan 2000 17:25:05 +0100
Received: from beach.sctc.com ([192.55.214.50]:2599 "EHLO beach.sctc.com"
        smtp-auth: <none>) by humbolt.nl.linux.org with ESMTP
	id <S92206AbQAQQY2>; Mon, 17 Jan 2000 17:24:28 +0100
Received: from beach.sctc.com (root@localhost)
	by beach.sctc.com with ESMTP id KAA16773;
	Mon, 17 Jan 2000 10:26:17 -0600 (CST)
Received: from sphinx.sctc.com (sphinx.sctc.com [172.17.192.3])
	by beach.sctc.com with ESMTP id KAA16769;
	Mon, 17 Jan 2000 10:26:17 -0600 (CST)
Received: from stpsowk48 (stpsowk48.sctc.com [172.17.192.178]) by sphinx.sctc.com (8.8.8+Sun/8.7.3) with ESMTP id KAA05434; Mon, 17 Jan 2000 10:20:57 -0600 (CST)
Received: (from mbeede@localhost)
        by stpsowk48 (8.8.8+Sun/) id KAA02219;
        Mon, 17 Jan 2000 10:20:58 -0600 (CST)
Date:   Mon, 17 Jan 2000 10:20:58 -0600 (CST)
Message-Id: <200001171620.KAA02219@stpsowk48>
From:   Mike Beede <mbeede@securecomputing.com>
To:     securedistros@nl.linux.org
CC:     linux-ipsec@clinet.fi
Subject: Re: Future FreeS/WAN users?
Sender: owner-securedistros@nl.linux.org
Precedence: bulk
Reply-To: securedistros@nl.linux.org
Return-Path: <owner-securedistros@nl.linux.org>
X-Orcpt: rfc822;securedistros-list


> Slashdot reports the NSA have let a contract for a security-enhanced
> Linux.
> 
> http://biz.yahoo.com/prnews/000113/ca_secure__1.html
> 
> Somehow I suspect this code may not be open source.

Your suspicion, while reasonable, turns out to be wrong.  We are
planning on putting up a more detailed explanation of our intentions
in the next couple of days.  For now, suffice it to say that it's our
intent to release under the GPL.  I'll notify the list when they put
up the statement.  I believe it will focus on the project relative to
the GPL.

Having a secure operating system available to the community will also
benefit us, by giving us a non-proprietary platform for our security
products.


	Mike Beede

--
mbeede@securecomputing.com
Secure Computing
2675 Long Lake Road
Roseville MN
(612) 628-2749

From owner-securedistros@nl.linux.org Mon Jan 17 18:04:13 2000
Received: by humbolt.nl.linux.org id <S92183AbQAQRB1>;
	Mon, 17 Jan 2000 18:01:27 +0100
Received: from midten.fast.no ([213.188.8.11]:23052 "EHLO midten.fast.no"
        smtp-auth: <none>) by humbolt.nl.linux.org with ESMTP
	id <S92176AbQAQRA7>; Mon, 17 Jan 2000 18:00:59 +0100
Received: (from astor@localhost)
	by midten.fast.no (8.9.3/8.9.3) id RAA02190;
	Mon, 17 Jan 2000 17:57:12 +0100 (CET)
Date:   Mon, 17 Jan 2000 17:57:12 +0100
From:   Alexander S A Kjeldaas <Alexander.Kjeldaas@fast.no>
To:     mbeede@securecomputing.com
Cc:     linux-ipsec@clinet.fi, securedistros@nl.linux.org
Subject: Re: Future FreeS/WAN users?
Message-ID: <20000117175712.A99518@midten.fast.no>
References: <200001171620.KAA02219@stpsowk48>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.4i
In-Reply-To: <200001171620.KAA02219@stpsowk48>; from Mike Beede on Mon, Jan 17, 2000 at 10:20:58AM -0600
Sender: owner-securedistros@nl.linux.org
Precedence: bulk
Reply-To: securedistros@nl.linux.org
Return-Path: <owner-securedistros@nl.linux.org>
X-Orcpt: rfc822;securedistros-list

On Mon, Jan 17, 2000 at 10:20:58AM -0600, Mike Beede wrote:
> 
> > Slashdot reports the NSA have let a contract for a security-enhanced
> > Linux.
> > 
> > http://biz.yahoo.com/prnews/000113/ca_secure__1.html
> > 
> > Somehow I suspect this code may not be open source.
> 
> Your suspicion, while reasonable, turns out to be wrong.  We are
> planning on putting up a more detailed explanation of our intentions
> in the next couple of days.  For now, suffice it to say that it's our
> intent to release under the GPL.  I'll notify the list when they put
> up the statement.  I believe it will focus on the project relative to
> the GPL.
> 
> Having a secure operating system available to the community will also
> benefit us, by giving us a non-proprietary platform for our security
> products.
> 

I see from your web-pages that you have a patent on Type
Enforcement. Could you elaborate a bit on that patent, how your Type
Enforcement patent compares to the Domain & Type Enforcement that TIS
worked on, and whether that patent will restrict the use of your GPLed
modifications to the Linux kernel?

astor

-- 
Alexander Kjeldaas                Mail:  astor@fast.no
Systems Engineer                  Web:   http://www.fast.no/       
Fast Search & Transfer ASA        Phone: +47 73 54 63 92
P.O. Box 1236 Pirsenteret         Fax:   +47 73 54 63 95           
NO-7462 Trondheim, NORWAY         Mob:   +47 92 21 93 80

From owner-securedistros@nl.linux.org Mon Jan 17 18:14:11 2000
Received: by humbolt.nl.linux.org id <S92186AbQAQRK3>;
	Mon, 17 Jan 2000 18:10:29 +0100
Received: from beach.sctc.com ([192.55.214.50]:14865 "EHLO beach.sctc.com"
        smtp-auth: <none>) by humbolt.nl.linux.org with ESMTP
	id <S92178AbQAQRJk>; Mon, 17 Jan 2000 18:09:40 +0100
Received: from beach.sctc.com (root@localhost)
	by beach.sctc.com with ESMTP id LAA19233
	for <securedistros@nl.linux.org>; Mon, 17 Jan 2000 11:10:58 -0600 (CST)
Received: from sphinx.sctc.com (sphinx.sctc.com [172.17.192.3])
	by beach.sctc.com with ESMTP id LAA19229
	for <securedistros@nl.linux.org>; Mon, 17 Jan 2000 11:10:58 -0600 (CST)
Received: from taurus.sctc.com (taurus.sctc.com [172.17.65.178]) by sphinx.sctc.com (8.8.8+Sun/8.7.3) with SMTP id LAA07296 for <securedistros@nl.linux.org>; Mon, 17 Jan 2000 11:05:38 -0600 (CST)
Message-ID: <013f01bf610c$d5a62300$b24111ac@sctc.com>
From:   "Al Dowd" <alan_dowd@securecomputing.com>
To:     <securedistros@nl.linux.org>
References: <200001171620.KAA02219@stpsowk48>
Subject: Re: Future FreeS/WAN users?
Date:   Mon, 17 Jan 2000 11:03:52 -0600
Organization: Secure Computing Corporation
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6600
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
Sender: owner-securedistros@nl.linux.org
Precedence: bulk
Reply-To: securedistros@nl.linux.org
Return-Path: <owner-securedistros@nl.linux.org>
X-Orcpt: rfc822;securedistros-list

WOW!!!

_That_ was certainly the most direct statement I've seen come out
in public.

Did you follow the ~275 message discussion on slashdot last week?
Your voice would surely have blown them away.

    Al D.

----- Original Message -----
From: "Mike Beede" <mbeede@securecomputing.com>
To: <securedistros@nl.linux.org>
Cc: <linux-ipsec@clinet.fi>
Sent: Monday, January 17, 2000 10:20 AM
Subject: Re: Future FreeS/WAN users?


>
> > Slashdot reports the NSA have let a contract for a security-enhanced
> > Linux.
> >
> > http://biz.yahoo.com/prnews/000113/ca_secure__1.html
> >
> > Somehow I suspect this code may not be open source.
>
> Your suspicion, while reasonable, turns out to be wrong.  We are
> planning on putting up a more detailed explanation of our intentions
> in the next couple of days.  For now, suffice it to say that it's our
> intent to release under the GPL.  I'll notify the list when they put
> up the statement.  I believe it will focus on the project relative to
> the GPL.
>
> Having a secure operating system available to the community will also
> benefit us, by giving us a non-proprietary platform for our security
> products.
>
>
> Mike Beede
>
> --
> mbeede@securecomputing.com
> Secure Computing
> 2675 Long Lake Road
> Roseville MN
> (612) 628-2749
> -
> Securedistros: A common list for all secured Linux distributions
> Archive:       http://humbolt.nl.linux.org/lists/
>


From owner-securedistros@nl.linux.org Mon Jan 17 19:12:13 2000
Received: by humbolt.nl.linux.org id <S92195AbQAQSKk>;
	Mon, 17 Jan 2000 19:10:40 +0100
Received: from agratax.demon.nl ([212.238.108.69]:7943 "EHLO agratax.demon.nl"
        smtp-auth: <none>) by humbolt.nl.linux.org with ESMTP
	id <S92178AbQAQSKY>; Mon, 17 Jan 2000 19:10:24 +0100
Received: from mirkwood.dummy.home ([10.0.0.1]:6407 "EHLO mirkwood.dummy.home")
	by mirkwood.nl.linux.org with ESMTP id <S104054AbQAQSHQ>;
	Mon, 17 Jan 2000 19:07:16 +0100
Date:   Mon, 17 Jan 2000 19:07:16 +0100 (CET)
From:   Rik van Riel <riel@nl.linux.org>
X-Sender: riel@mirkwood.dummy.home
To:     securedistros@nl.linux.org
Subject: first step
Message-ID: <Pine.LNX.4.10.10001171832290.15683-100000@mirkwood.dummy.home>
Organisation: NL.linux.org (http://www.nl.linux.org/)
X-Search-Engine-Bait: http://www.nl.linux.org/
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-securedistros@nl.linux.org
Precedence: bulk
Reply-To: securedistros@nl.linux.org
Return-Path: <owner-securedistros@nl.linux.org>
X-Orcpt: rfc822;securedistros-list

Hi,

It is a good thing that new advanced security features are
being developed in Linux, but parallel to this effort I
believe there is an issue we need to bug our distribution
people about.

Tools like named, sendmail and various other daemons can
be installed in a secure way, yet not all distributions
do that. Maybe it's time to just ask the distro people
(hello?) if they can install named chrooted and take
similar measures for other daemons...

To the people busy with new security features: Keep up
the good work!

regards,

Rik
--
The Internet is not a network of computers. It is a network
of people. That is its real strength.



From owner-securedistros@nl.linux.org Fri Jan 21 17:50:29 2000
Received: by humbolt.nl.linux.org id <S92192AbQAUQss>;
	Fri, 21 Jan 2000 17:48:48 +0100
Received: from beach.sctc.com ([192.55.214.50]:61458 "EHLO beach.sctc.com")
	by humbolt.nl.linux.org with ESMTP id <S92185AbQAUQsR>;
	Fri, 21 Jan 2000 17:48:17 +0100
Received: from beach.sctc.com (root@localhost)
	by beach.sctc.com with ESMTP id KAA09145
	for <securedistros@nl.linux.org>; Fri, 21 Jan 2000 10:50:37 -0600 (CST)
Received: from sphinx.sctc.com (sphinx.sctc.com [172.17.192.3])
	by beach.sctc.com with ESMTP id KAA09141
	for <securedistros@nl.linux.org>; Fri, 21 Jan 2000 10:50:37 -0600 (CST)
Received: from securecomputing.com ([172.17.67.51]) by sphinx.sctc.com (8.8.8+Sun/8.7.3) with ESMTP id KAA18698 for <securedistros@nl.linux.org>; Fri, 21 Jan 2000 10:45:12 -0600 (CST)
Message-ID: <38888DD9.94EC08F2@securecomputing.com>
Date:   Fri, 21 Jan 2000 10:48:25 -0600
From:   Tom Haigh <tom_haigh@securecomputing.com>
X-Mailer: Mozilla 4.61 [en] (Win95; U)
X-Accept-Language: en
MIME-Version: 1.0
To:     securedistros@nl.linux.org
Subject: Secure Computing's Plans for Type Enforced Linux
References: <CMM.0.90.4.948178145.neumann@chiron.csl.sri.com> <200001191057.DAA21079@aztec.santafe.edu> <3885FB0D.FC3BFC95@darpa.mil> <200001200629.XAA22118@aztec.santafe.edu>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-securedistros@nl.linux.org
Precedence: bulk
Reply-To: securedistros@nl.linux.org
Return-Path: <owner-securedistros@nl.linux.org>
X-Orcpt: rfc822;securedistros-list

I just posted the following message to the open-source discussion group
at SRI.  It belongs here as well.

--Tom 

It is past time for me to jump into this discussion.  Secure Computing
is committed to being a responsible, contributing member of the open
source community.  One of the conditions of accepting the contract from
NSA was that we be able to make the results of the contract available to
the community.  I have appended a portion of a FAQ that we released
internally on the topic.

I will also say that our legal folks are still looking at the best way
to do this.  Needless to say, we are not excited about other vendors
coming up with proprietary versions of type enforcement.  We believe
that opening up the TE work to the broader community will be a win for
all of us.  The proposals made by Brian Witten and Richard Stallman are
very interesting to us, and I want to explore those more out of band
with anyone who is interested.

When we have figured out just how to handle this, I will post the
resolution here.  We appreciate the interest that you all have shown and
the good suggestions that have been made.  Thanks very much.

Tom Haigh, CTO
Secure Computing Corp.
2675 Long Lake Road
Roseville, MN 55343
651-628-2738
haigh@securecomputing.com

Question 5: What about the open source licensing?  What does this mean
for your Type Enforcement technology on Linux?

It is our intention to be an active, responsible member of the open
source community.  We will work with partners to develop new product
offerings that will benefit our customers, our partners, and us.
Our modifications to Linux will consist of:
  - strong policy enforcement code which is in the kernel itself,
  - a flexible policy engine which is structured as a separate module

We will open source all the modifications to the kernel as well as
deliver a general-purpose security policy engine.  We are still defining
the exact functionality of this engine, but it will support a broad set
of basic applications, it will be functional and it will be complete
enough to enable the Linux community to develop other policy engines.
We hope that others will choose to enhance this engine and/or develop
their own policy engines that are optimized for their purposes.

Separately, we will use Linux and develop Linux policy engines for our
own products, such as Sidewinder.  These policy engines will remain
proprietary to Secure Computing.

From owner-securedistros@nl.linux.org Tue Jan 25 08:05:38 2000
Received: by humbolt.nl.linux.org id <S92182AbQAYHDf>;
	Tue, 25 Jan 2000 08:03:35 +0100
Received: from wirex.com ([208.161.110.91]:5146 "HELO mithra.immunix.org")
	by humbolt.nl.linux.org with SMTP id <S92169AbQAYHCr>;
	Tue, 25 Jan 2000 08:02:47 +0100
Received: from wirex.com (mithra.wirex.com [208.161.110.91])
	by mithra.immunix.org (Postfix) with ESMTP id E9DD73EC16
	for <securedistros@nl.linux.org>; Mon, 24 Jan 2000 22:58:57 -0800 (PST)
Message-ID: <388D3936.4BE4B99F@wirex.com>
Date:   Tue, 25 Jan 2000 05:48:38 +0000
From:   Crispin Cowan <crispin@wirex.com>
Organization: WireX Communications, Inc.
X-Mailer: Mozilla 4.7 [en] (X11; U; Linux 2.0.36 i586)
X-Accept-Language: en
MIME-Version: 1.0
To:     Secure Distros <securedistros@nl.linux.org>
Subject: New Security Paradigms Workshop 2000: Call For Papers
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-securedistros@nl.linux.org
Precedence: bulk
Reply-To: securedistros@nl.linux.org
Return-Path: <owner-securedistros@nl.linux.org>
X-Orcpt: rfc822;securedistros-list

========================================================================
                            Call For Papers
                  New Security Paradigms Workshop 2000
                    An ACM/SIGSAC sponsored workshop
                         19 - 21 September 2000
                   Ballycotton, County Cork, Ireland
                          http://www.nspw.org/
========================================================================

For eight years, the New Security Paradigms Workshop has provided a
productive and highly interactive forum in which innovative new
approaches (and some radical older approaches) to computer security have
been offered, explored, refined, and published. The workshop offers a
constructive environment where experienced researchers and practitioners
work alongside newer participants in the field.  The result is a unique
opportunity to exchange ideas.

New Security Paradigms Workshop (NSPW) 2000 will take place September 19
- 21, 2000 at the Bayview Hotel, Ballycotton, a 45 minute drive from the
Cork airport. In order to preserve the small, intimate nature of the
workshop, participation is limited to authors of accepted papers and
conference organizers. Because these are new paradigms, we cannot
predict what subjects will be covered. Any paper that presents a
significant shift in thinking about difficult security issues or builds
on a previous shift will be welcomed.

The New Security Paradigms Workshop is highly interactive in nature.
Authors are encouraged to present ideas that might be considered risky
in some other forum. All participants are charged with providing
feedback in a constructive manner. The resulting brainstorming
environment has proven to be an excellent medium for furthering the
development of these ideas. The proceedings, published after the
workshop, have consistently benefited from the inclusion of workshop
feedback.

To participate, please submit your paper, justification, and attendance
statement, preferably via e-mail, to both Program Chairs -- Cristina
Serban (cserban@att.com) and Brenda Timmerman (btimmer@ecs.csun.edu) --
by Friday, March 31, 2000 (hardcopy submissions must be received by
Friday, March 24, 2000). Further details on the required format of
submissions follow.

1 - Your Paper
You should submit either a research paper, a 5 - 10 page position paper,
or a discussion topic proposal. Submissions of any type must not have
been published elsewhere. Discussion topic proposals should include an
in-depth description of the topic to be discussed, a convincing argument
that the topic will lead to a lively discussion, and any other
supporting materials.

Softcopy submissions should be in Postscript or ASCII format. Papers may
be submitted in hardcopy. To submit hardcopy, please mail 5 (five)
copies to Program co-chair Cristina Serban. Please allow adequate time
for delivery.

2 - Justification
You should describe, in one page or less, why your paper is appropriate
for the New Security Paradigms Workshop. A good justification will
describe the new paradigm being proposed, explain how it is a departure
from existing theory or practice, and identify those aspects of the
status quo it challenges or rejects.

3 - Attendance Statement
You should state how many authors wish to attend the workshop. Accepted
papers require the attendance of at least one author. In order to ensure
that all papers receive equally strong feedback, all attendees are
expected to stay for the entire duration of the workshop.

The program committee will referee the papers and notify the authors of
acceptance status by June 9, 2000. We expect to be able to offer a
limited number of scholarships. More information will be provided on our
web site (http://www.nspw.org/) as it becomes available.

Workshop Co-Chairs

Mary Ellen Zurko                 Steven J. Greenwald
Iris Associates                  2521 NE 135th Street
230 Nashua Rd.                   North Miami, FL 33181 USA
Groton, MA 01450 USA             e-mail: sjg6@gate.net
e-mail: mzurko@iris.com          voice: +1 (305) 944-7842
voice: +1 (978) 392-6018         fax: +1 (305) 489-8129
fax: +1 (978) 692-7365

Program Committee Co-Chairs

Cristina Serban                  Brenda Timmerman
AT&T Labs                        California State University
307 Middletown-Lincroft Rd.      18111 Nordhoff St.
Lincroft, NJ 07738 USA           Northridge, CA 91330-8281 USA
e-mail: cserban@att.com          e-mail: btimmer@ecs.csun.edu
voice: +1 (732) 576-3279         voice: +1 (818) 677-7341
fax: +1 (732) 576-6406           fax: +1 (818) 677-2140

Program Committee
Bob Blakley, Tivoli
Heather Hinton, Tivoli
Erland Jonsson, Chalmers University of Technology
Clifford Kahn, EMC Corporation
Darrell Kienzle, The MITRE Corporation
Jun Li, UCLA
Catherine Meadows, Naval Research Laboratory
Susan Pancho, University of Cambridge
Dean Povey, DSTC
Thomas Riechmann, Siemens
Marvin Schaefer, ARCA Systems
John Michael Williams

Local Arrangements
Simon Foley (University College, Cork, Ireland) +353 21 902929

Scholarships
Hilary Hosmer (Data Security Inc.) +1 (781) 275-8231
John McHugh (SEI/CERT) +1 (412) 268-7737

Publications
Marvin Schaefer (ARCA Systems) +1 (410) 309-1780

Publicity
Crispin Cowan (WireX Communications, Inc.) +1 (503) 241-6575

ACM-SIGSAC Chair
Ravi Sandhu (George Mason University) +1 (703) 993-1659

Steering Committee
Bob Blakley, Steven J. Greenwald, Hilary Hosmer, Darrell Kienzle,
Catherine Meadows, Cristina Serban, Brenda Timmerman, Mary Ellen Zurko

Crispin
-----
Crispin Cowan, CTO, WireX Communications, Inc.    http://wirex.com
Free Hardened Linux Distribution:                 http://immunix.org





From owner-securedistros@nl.linux.org Wed Jan 26 14:58:47 2000
Received: by humbolt.nl.linux.org id <S92202AbQAZNz2>;
	Wed, 26 Jan 2000 14:55:28 +0100
Received: from fast.cs.utah.edu ([155.99.212.1]:12300 "EHLO fast.cs.utah.edu")
	by humbolt.nl.linux.org with ESMTP id <S92177AbQAZNx0>;
	Wed, 26 Jan 2000 14:53:26 +0100
Received: from mancos.cs.utah.edu (mancos.cs.utah.edu [155.99.212.23])
	by fast.cs.utah.edu (8.9.1/8.9.1) with ESMTP id GAA06741;
	Wed, 26 Jan 2000 06:50:22 -0700 (MST)
Received: from mancos.cs.utah.edu (lepreau@localhost)
	by mancos.cs.utah.edu (8.9.1/8.9.1) with ESMTP id GAA01845;
	Wed, 26 Jan 2000 06:50:22 -0700 (MST)
Message-Id: <200001261350.GAA01845@mancos.cs.utah.edu>
From:   Jay Lepreau <lepreau@cs.utah.edu>
To:     open-source@csl.sri.com, securedistros@nl.linux.org
Cc:     tom_haigh@securecomputing.com
Subject: Re: NSA funds SCC for robust/secure Linux 
Date:   Wed, 26 Jan 2000 06:50:21 MST
Sender: owner-securedistros@nl.linux.org
Precedence: bulk
Reply-To: securedistros@nl.linux.org
Return-Path: <owner-securedistros@nl.linux.org>
X-Orcpt: rfc822;securedistros-list

The recent press release and email from Secure Computing Corp.
regarding type-enforced Linux are confusing.  No longer regarding
the GPL aspect-- I'm pleased to hear it's all going to be openly
released-- but regarding the origins of the technology.

Over several years our research group at the Univ. of Utah-- the Flux
group-- collaborated closely with the NSA in integrating flexible
mandatory access controls into our research OS, "Fluke", with some
consulting support from Secure Computing.  This extended over several
years, resulting in the "Flask" system.  That security architecture is
derived from DTOS, which was developed by the NSA, SCC, and maybe others.

Since September our colleagues at the NSA have been working to transfer
those concepts into Linux.  According to my discussions with them and the
content on their project web page
(http://www.cs.utah.edu/flux/fluke/html/linux.html), it is the NSA
researchers who have actually performed the kernel security modifications,
and Secure Computing is using that source code-- the working secure Linux
prototype that Steve Smalley talked about at the November meeting-- as the
foundation for their work.  (There is certainly need for a lot of
work above the kernel in this system!) Could we get a clarification
from SCC or NSA on this issue?

Other than that, I'm delighted to see this excellent security
architecture going mainstream, backed by a major company. Good luck!

Other relevant URLs:
Flask:	http://www.cs.utah.edu/flux/flask/
The OSKit, which contains some Flask-y components, suitable for drop-in
use in other OS's including Linux: http://www.cs.utah.edu/flux/oskit/

Jay Lepreau
University of Utah

From owner-securedistros@nl.linux.org Wed Jan 26 18:10:56 2000
Received: by humbolt.nl.linux.org id <S92211AbQAZREX>;
	Wed, 26 Jan 2000 18:04:23 +0100
Received: from agratax.demon.nl ([212.238.108.69]:5383 "EHLO agratax.demon.nl")
	by humbolt.nl.linux.org with ESMTP id <S92216AbQAZRDL>;
	Wed, 26 Jan 2000 18:03:11 +0100
Received: from mirkwood.dummy.home ([10.0.0.1]:64262 "EHLO mirkwood.dummy.home")
	by mirkwood.nl.linux.org with ESMTP id <S104233AbQAZQss>;
	Wed, 26 Jan 2000 17:48:48 +0100
Date:   Wed, 26 Jan 2000 17:48:47 +0100 (CET)
From:   Rik van Riel <riel@nl.linux.org>
X-Sender: riel@mirkwood.dummy.home
To:     securedistros@nl.linux.org
Subject: Re: Secure Computing's Plans for Type Enforced Linux
In-Reply-To: <38888DD9.94EC08F2@securecomputing.com>
Message-ID: <Pine.LNX.4.10.10001261743490.15874-100000@mirkwood.dummy.home>
Organisation: NL.linux.org (http://www.nl.linux.org/)
X-Search-Engine-Bait: http://www.nl.linux.org/
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-securedistros@nl.linux.org
Precedence: bulk
Reply-To: securedistros@nl.linux.org
Return-Path: <owner-securedistros@nl.linux.org>
X-Orcpt: rfc822;securedistros-list

On Fri, 21 Jan 2000, Tom Haigh wrote:

> We will open source all the modifications to the kernel as well as
> deliver a general-purpose security policy engine.  We are still
> defining the exact functionality of this engine, but it will
> support a broad set of basic applications, it will be functional
> and it will be complete enough to enable the Linux community to
> develop other policy engines.  We hope that others will choose to
> enhance this engine and/or develop their own policy engines that
> are optimized for their purposes.
> 
> Separately, we will use Linux and develop Linux policy engines for
> our own products, such as Sidewinder.  These policy engines will
> remain proprietary to Secure Computing.

Sounds like an open source-friendly, sound business decision
to me. The policy engine will have to be different for every
other big security setup anyway, so that is a good place to get
some business done.

Open-sourcing the generic framework will give the world, and
your company, free improvements to that framework, making it
easier to sell specialised policy engines to your customers,
at competitive prices.

I hope this will be a win/win situation for all of us and
wish the people at Secure Computing the best of luck!

regards,

Rik
--
The Internet is not a network of computers. It is a network
of people. That is its real strength.


From owner-securedistros@nl.linux.org Wed Jan 26 18:26:25 2000
Received: by humbolt.nl.linux.org id <S92214AbQAZRY3>;
	Wed, 26 Jan 2000 18:24:29 +0100
Received: from csla.csl.sri.com ([192.12.33.2]:15371 "EHLO csla.csl.sri.com")
	by humbolt.nl.linux.org with ESMTP id <S92191AbQAZRX4>;
	Wed, 26 Jan 2000 18:23:56 +0100
Received: from chiron.csl.sri.com (chiron.csl.sri.com [130.107.15.73])
	by csla.csl.sri.com (8.9.1/8.9.1) with ESMTP id JAA09454;
	Wed, 26 Jan 2000 09:20:59 -0800 (PST)
Received: (from neumann@localhost)
	by chiron.csl.sri.com (8.9.1/8.8.7) id JAA04947;
	Wed, 26 Jan 2000 09:22:39 -0800 (PST)
Date:   Wed, 26 Jan 2000 9:22:38 PST
From:   "Peter G. Neumann" <neumann@csl.sri.com>
To:     open-source@csl.sri.com
Subject: Re: NSA funds SCC for robust/secure Linux
In-Reply-To: Your message of Wed, 26 Jan 2000 06:50:21 MST
Cc:     securedistros@nl.linux.org
Message-ID: <CMM.0.90.4.948907358.neumann@chiron.csl.sri.com>
Sender: owner-securedistros@nl.linux.org
Precedence: bulk
Reply-To: securedistros@nl.linux.org
Return-Path: <owner-securedistros@nl.linux.org>
X-Orcpt: rfc822;securedistros-list

Jay,

Perhaps you are just referring to the origins of the Linux redo?  But if
you are referring to the origins of the type-enforcement technology,
in hardware, operating systems, and application software, be sure to 
check out our PSOS (Provably Secure Operating System) project done for 
NSA in the 1970s.  A paper by Rich Feiertag and me is at
  http://www.csl.sri.com/neumann/public_html/psos.pdf
and, in addition to a few early papers, there are reports from 1975, 
1977, and a revised version in 1980 prepared for the competition between
Honeywell (before they spun off SCC) and Ford Aerospace to implement 
something along those lines.

Peter

From owner-securedistros@nl.linux.org Thu Jan 27 21:18:00 2000
Received: by humbolt.nl.linux.org id <S92176AbQA0ULA>;
	Thu, 27 Jan 2000 21:11:00 +0100
Received: from beach.sctc.com ([192.55.214.50]:48902 "EHLO beach.sctc.com")
	by humbolt.nl.linux.org with ESMTP id <S92207AbQA0UHd>;
	Thu, 27 Jan 2000 21:07:33 +0100
Received: from beach.sctc.com (root@localhost)
	by beach.sctc.com with ESMTP id OAA20563;
	Thu, 27 Jan 2000 14:10:17 -0600 (CST)
Received: from sphinx.sctc.com (sphinx.sctc.com [172.17.192.3])
	by beach.sctc.com with ESMTP id OAA20559;
	Thu, 27 Jan 2000 14:10:17 -0600 (CST)
Received: from securecomputing.com ([172.17.67.51]) by sphinx.sctc.com (8.8.8+Sun/8.7.3) with ESMTP id OAA19203; Thu, 27 Jan 2000 14:04:44 -0600 (CST)
Message-ID: <3890A599.4D893953@securecomputing.com>
Date:   Thu, 27 Jan 2000 14:07:53 -0600
From:   Tom Haigh <tom_haigh@securecomputing.com>
X-Mailer: Mozilla 4.61 [en] (Win95; U)
X-Accept-Language: en
MIME-Version: 1.0
To:     securedistros@nl.linux.org
CC:     open-source@csl.sri.com
Subject: Re: NSA funds SCC for robust/secure Linux
References: <200001261350.GAA01845@mancos.cs.utah.edu>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-securedistros@nl.linux.org
Precedence: bulk
Reply-To: securedistros@nl.linux.org
Return-Path: <owner-securedistros@nl.linux.org>
X-Orcpt: rfc822;securedistros-list

Jay Lepreau wrote:

> Over several years our research group at the Univ. of Utah-- the Flux
> group-- collaborated closely with the NSA in integrating flexible
> mandatory access controls into our research OS, "Fluke", with some
> consulting support from Secure Computing.  This extended over several
> years, resulting in the "Flask" system.  That security architecture is
> derived from DTOS, which was developed by the NSA, SCC, and maybe others.
>
> Since September our colleagues at the NSA have been working to transfer
> those concepts into Linux.  According to my discussions with them and the
> content on their project web page
> (http://www.cs.utah.edu/flux/fluke/html/linux.html), it is the NSA
> researchers who have actually performed the kernel security modifications,
> and Secure Computing is using that source code-- the working secure Linux
> prototype that Steve Smalley talked about at the November meeting-- as the
> foundation for their work.  (There is certainly need for a lot of
> work above the kernel in this system!) Could we get a clarification
> from SCC or NSA on this issue?
>

As Peter Neumann pointed out, the architecture goes back a long way.  I first
encountered it on the Honeywell Secure Ada Target (SAT) project in the mid
'80s.  We went on to refine it on several later projects,
including LOCK, DTMach, SNS, DTOS, our SecureOS for our Sidewinder firewall,
and a few other IR&D projects.  Depending on how you count, we have done
somewhere between five and nine implementations of the architecture now.

NSA has been involved with TE from the beginning.  They were our customer for
a number of these projects, and the R23 technical team worked very closely
with our DTOS technical team on the project that Jay references.  Since
signing the contract with NSA, R23 has graciously given us access to their
source code, and we hope to carry on a close collaboration with them on this
project, just as we did on the DTOS project. We believe that combining the
collective knowledge and experience of the two teams will result in a very
solid security solution for us to submit to the Linux community.

As the two teams work together, we will decide what parts of the R23 code to
use as is, what parts to modify, and what to develop anew.  Once the resulting
code is published, we hope a number of other people and organizations will
choose to propose extensions and improvements to it.  We are excited about
this opportunity to contribute what we believe is a solid security solution to
the Linux community, and we look forward to fruitful, stimulating technical
discussions on how to make it better.

>
> Other than that, I'm delighted to see this excellent security
> architecture going mainstream, backed by a major company. Good luck!

Thanks.  I always like to see SCC referred to as a major company.

--Tom

Tom Haigh, CTO
Secure Computing Corp.
2675 Long Lake Road
Roseville, MN 55113

651-628-2738

haigh@securecomputing.com



