1998-11-02 - Re: orange book



From: "Paul H. Merrill" <PaulMerrill@acm.org>
To: bill payne <billp@nmol.com>
UTC Datetime: 1998-11-02 16:41:22 UTC







Subject: Re: orange book
No, like the title says, that is "NOT The Orange Book".  Many (read all)
of the people I worked with at WPAFB and the contractor sites were
confused by the deluge that NCSC put out and called the Rainbow Series. 
In an attempt to give clues to the realities involved, I wrote the
condensations and then wrapped a body around the skeleton formed by

If one reads the information there, one will see that that is what it
purports to be.

NTOB is not a site, it is the title of the book (paper published with an
orange cover, of course).  ((I thought of using cyan (not.orange) but no
one got the joke but the squints and precious few of them.)

Of course, not having seen what Sandia was givn, I an only assume that
DOD 5200.28-STD is what Sandia was given.  It IS what was I was working
from, along with the other toys put out by various governmental bodies.  


bill payne wrote:
> Monday 11/2/98 7:55 AM
> PaulMerrill@ACM.Org
> I looked at the orange book at NOT the Orange Book -
> http://www.jya.com/ntob.htm
> NSA employee Tom White http://jya.com/nsasuit.txt got me a copy of I was
> told was
> THE NSA orange book for Sandia's implementation of the NSA Benincasa
> nss/uso authentication algorithm..
> The report I saw was concerned about implementation of cryptographic
> units.
> Things like shielding, power filtering, red-black boundaries, shift
> register
> compromising signals, some software guidelines,....  The soft-cover
> report was mostly
> hardware-oriented.
> What I see at jya.com is not the orange book Sandia was given.
> bill payne