From: Mike Tighe <tighe@spectrum.titan.com>
Date: Sat, 23 Mar 1996 07:43:13 +0800
To: cypherpunks@toad.com
Subject: Re: NT's C2 rating
Message-ID: <1.5.4b11.32.19960322131211.006d298c@softserv.spectrum.titan.com>
MIME-Version: 1.0
Content-Type: text/plain



>At 10:21 AM 3/21/96 -0800,  David Loysen <dwl@hnc.com> wrote:
>>>The fine print says its insecure as soon as its connected to a network. 
>>Ain't nothing fine about that print. An operating system or piece of
>>hardware may be C2 certifiable. But only a complete system in a specific
>>configuration can be certified as C2 compliant. The way I read the orange
>>book, no system with a network connection can ever be C2. 

To address that problem, they wrote the Trusted Network Interpretation a few years after the Orange Book

Mike Tighe
tighe@spectrum.titan.com
http://www.tcst.com/~tighe/