[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalls-gc
Subject:    Re: SV: SV: SV: SV: Query on FW Attacks -reply
From:       "Paul D. Robertson" <proberts () clark ! net>
Date:       1999-11-24 19:34:59
[Download RAW message or body]

On Wed, 24 Nov 1999, Per Gustav Ousdal wrote:

> OK, is there an RFC (or something) on DNSSEC? (Do you happen to know
> which one?) What is a PKI?

The last list of RFCs that had to do with DNSSEC I have is:

2137, 2535, 2536, 2537, 2538, 2539, 2540 and 2541.  A search on DNSSEC
should yield more favorable results.

PKI == Public Key Infrastructure.  Likewise a search on PKI should yield
more data.  Basicly servers/infrastructure to issue/update/verify/revoke
certificates.

> > My mid-term fix is to move my infrastructure to machines that have a more 
> > serious TCB than general-purpose operating systems.  For Linux, I'm 
> > looking at protection models in RSBAC (http://www.rsbac.de/) and trying to 
> > help advocate/steer development in ways that I find "good."  If I can 
> > raise the bar on Web sites, name servers and key servers, then I've done 
> > some good.
> 
> Hmm, TCB?

Trusted Computing Base - part of the OS that's verified for correct
implementation and security.  

RSBAC brings role-based computing, ACLs, malware detection, privacy
models, etc. to the freeware domain.  The principle author has done a
*lot* of work in creating a secure system at the OS level that's in the
control of the administrator, not the application developer.  Given the
recent discussions of kernel.dll mappings into the application space under
NT/9x, I think that raising that bar may require MS to answer with some
more serious designs than their current model seems to indicate they've
done. 

> Agree. I guess I meant to ask, does such an "office suit" exist?

Lots do, they're all not made by Microsoft.  I still don't understand how
all the major companies in the world can't get MS to produce a version of
Word/Excel that isn't virus-enabled.

> > > The MS dominance a threat to security?
> > 
> > Unfortunately for viruses definitely :(  Pitty too, because out of any 
> > company in the world, they have the oppertunity to raise the bar both in 
> > application and OS security.
> 
> Problem is, they don't have to: I think they can produce almost any
> rubbish these days, and it'll sell :( I get very annoyed when when

Until the market starts demanding security, there will be less than is
optimal.  It's our responsibility to ensure that such demands are made and
that vendors are held accountable for their software. 

> people talk about Bill Gates like this saint that made computers
> userfriendly (i.e. invented the GUI), thus bringing technology

Xerox PARC did most of the front-end work on computer GUIs, everyone else
stole it from them.

> forward, yet this attitude is VERY common. What BS! I remeber the
> first attampts at windows, what a JOKE! I also remember the far
> supperior OS(GUI) that existed at that time (AMIGA, MacIntosh).

Actually, if I recall correctly, the LISA predated the Mac.  The UI was
the only part of the Mac OS that was nice, I don't think I'd call the rest
of the system "superior", though I knew a lot of people who enjoyed
writing code for them, I certainly wasn't one of them.

In any case, the history isn't as important as the groundwork we lay for
the future.

> Windows was trailing for a long time. Only thing Bill G. did was some
> "licensing magic", and change the / to \ :( He is a buisness man, not
> a hacker....

Actaully, I think that Seattle Labs did the character change before MS
licensed the OS they didn't yet own to IBM.  In the early days they
certainly deserve some credit for sheer gaul.

None-the-less they're in charge of the direction of the bulk of computing
on the planet today.  That leaves us with trying to hold them accountable
for their actions or trying to overthrow them.  Accountablility seems to
be the best-sum game.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts@clark.net      which may have no basis whatsoever in fact."
                                                                     PSB#9280

-
[To unsubscribe, send mail to majordomo@lists.gnac.net with
"unsubscribe firewalls" in the body of the message.]

[prev in list] [next in list] [prev in thread] [next in thread]