From: “Paul H. Merrill” <PaulMerrill@acm.org>
To: cypherpunks@toad.com
Message Hash: 95f66c5da3b26520fbd88568d5552916c43b81afe67ce127b58692ebd7166c42
Message ID: <364E789E.850EA9CD@ACM.Org>
Reply To: <199811150307.EAA08300@replay.com>
UTC Datetime: 1998-11-15 04:11:25 UTC
Raw Date: Sun, 15 Nov 1998 12:11:25 +0800
From: "Paul H. Merrill" <PaulMerrill@acm.org>
Date: Sun, 15 Nov 1998 12:11:25 +0800
To: cypherpunks@toad.com
Subject: Re:
In-Reply-To: <199811150307.EAA08300@replay.com>
Message-ID: <364E789E.850EA9CD@ACM.Org>
MIME-Version: 1.0
Content-Type: text/plain
Anonymous wrote:
<<snip>>
> failed TCSEC/Rainbow testing program. I say "failed"
> because it hasn't caught on in the private sector, it's expensive and,
> of course, the laughable "C2 in '92."
While I was never a great fan of the Rainbow Series, to say that it
failed because it hasn't caught on in the private sector is not holding
very close to the point of it all. The "typical" private sector approach
to security is to do nothing 'til the hackers come over the iInternet
and wreak havoc the throw up a proxie server/firewall and go back to
normal practices until the next "event" and try to plug That Hole.
C2 by 92 was an effort on the part of the govenment/military to stop
those practices on their own parts. True, not ompletely succesful, but
hey what the Hell, how many of the efforts by them folk are?
PHM
Return to November 1998
Return to ““Paul H. Merrill” <PaulMerrill@acm.org>”