[ntp:hackers] Findinterface
Brad Knowles
brad at stop.mail-abuse.org
Mon Jun 13 13:31:27 PDT 2005
At 11:09 AM -0700 2005-06-13, todd glassey wrote:
>> NSA wasn't smoking anything when I saw the first edition of the orange
>> book in 1983.
>
> Ah, I liked the Red Book myself - the damn thing never fit on a shelf
> properly.
When talking about computer security, none of those books are
valid anymore. You need to be talking about the TCSEC.
If you did want to talk about Orange book security, I'll start
digging up old stories I got while working at the Pentagon about
different problems that occurred after a particular box got a certain
level of certification, only to be demonstrated to be insecure once
put into a more operational-style test.
Certifications like A-1, A-2, B-1, B-2, C-1, C-2, etc... really
don't mean anything, except as an upper limit on the level of
security that you could possibly achieve in a non-networked
environment. The moment you throw those things on a network, all
Orange book security ratings go out the window.
> I would beg to differ, and we will in our test and release plan build the
> certification matrix - this will have to get some input from various
> parties - we will also get those parties shipping NTP who are going to want
> to use the secured version to participate more formally.
Given the extreme variations in the ability of different OSes to
drop interrupts and to give good timing information to the
applications running on the machine, I would be very curious how
anyone can make any claims about NTP and time performance that are
going to be independent of the hardware and OS platform.
You're going to have a very hard time proving that one to me.
--
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.