meo@Dixie.Com (Miles ONeal) (03/15/91)
John F Haugh II writes: |...Naive users do not |fully understand what the difference between a "rated" and an |"unrated" system are - there are very real differences and... Which naive users? One would expect that the defense community (at whom the C2, etc ratings are directed) would not be buying purely out of naive trust in a spec and a vendor. Perhaps they might even look into things themselves... Playing with security is akin to playing with gunpowder. If you don't know what you're doing, you'll probably burn yourself. -Miles
phil@inetg1.Arco.Com (Phil Meyer) (03/16/91)
In article <8180@rsiatl.Dixie.Com>, meo@Dixie.Com (Miles ONeal) writes: > John F Haugh II writes: > > |...Naive users do not > |fully understand what the difference between a "rated" and an > |"unrated" system are - there are very real differences and... > > Which naive users? One would expect that the defense community > (at whom the C2, etc ratings are directed) would not be buying > purely out of naive trust in a spec and a vendor. Perhaps they > might even look into things themselves... > I'm certain that John refers to users like our Security people who are going to demand C2 security on all of our systems. Not because we are DOD, because we are not! They will demand C2 just beacuse it exists, and they feel it will help prevent 'Security Problems' from happening. To my knowlegde. our Security people are pretty good, but they don't have a UNIX guru amongst them. So they must be naive. The only thing I can say about C2 is: 'What a pain!' But even I must bow to the logical benefits of improved security. I just don't agree with the implementations. -- +=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+ | Phil Meyer phil@arco.com Work:(214) 754-6805 | +=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+