From: Timothy Newsham <newsham@wiliki.eng.hawaii.edu>
Date: Fri, 24 Sep 93 11:42:40 PDT
To: jazz@hal.com (Jason Zions)
Subject: Re: P. Wayner on CSSPAB meeting
In-Reply-To: <9309241531.AA13351@jazz.hal.com>
Message-ID: <9309241842.AA27176@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> The TCSEC and Common Criteria are really being developed by various Defense
> agencies; in the US, NIST is also involved, as I suppose DIN, BSI, AFNOR,
> etc. are. NSA is uninterested in making systems secure; their job is to
> break them anyway. Since the TCSEC doesn't specify mechanism, it's at too
> abstract a level for NSA to tamper with.
> 
> There are no boogie men from the Spy House involved here, at least in the
> US. You can sleep well again.

I wouldnt exactly say that (although I doubt the NSA's involvement
here is shady).  The NCSC which came out with the original Trusted Criterion
(rainbow books including the orange book) is stationed at Fort Meade
MD. (oddly enough right by NSA).  If you get information sent to you
from the NCSC sometimes the return address will say NSA on it instead
of NCSC.  If you read through the schedule of any of the conferences
they put on you will see a good percentage of people with NSA next to
their names.  The NSA *does* have alot of interests in trusted systems
and making systems secure.  They are the national *Security* Agency.
While half of the people at the NSA are working on how to break other
peoples security there is still a good fraction of them learning how to
make their own systems safe.

> Jason Zions