Common Criteria things

Mike Owen Mike at rampart.demon.co.uk
Tue Apr 18 21:45:14 GMT 2000


>Unfortunately, IMHO, that is a very bad answer.  The B1 market is dead.  Why 
>design and build a product for a dead market?

Well, I'm not convinced that the B1 market is dead, to be honest.
Trusted Solaris is chugging along quite happily, though strictly
speaking, it's B1+.

>As far as the "less direction" aspect:  the CC was designed to help two sets of 
>people:  1) the people specifying & buying systems and products with security 
>requirements, and 2) the people building systems and products with security.  
>The CC does not mandate groupings of requirements, such as the TCSEC, but 
>provides *a common language* to specify the security products that customers 
>would want, and vendors would build.  It doesn't mandate the security of the 
>products to be evaluated, it mandates a common language in which to specify 
>them.

I think it's fairly clear that if an evaluation were to take place (with
the support of whoever) it would be a Common Criteria evaluation. I say
this because I'm not even sure TCSEC evaluations can be done anymore,
and even if they could, we'd never find anyone willing to fund one. And
as you say, there's really no point.

However, the fact of the matter is that when these evaluations are being
marketed (when you're telling someone about the features of a product)
you can either say that it has a list of CC attributes as long as your
arm, or you can say "Common Criteria EAL4 evaluated to a B1 Protection
Profile." I think the key here is a desire for the FUNCTIONALITY of a B1
system - B1 provides a good solid set of security features. It's true
that it is very rare for an RFP to specify a TCSEC criteria and stick to
it - these days it's generally a CC level and a list of functionality.
(Or in some cases that make me wonder, a CC level with no functionality
requirements...) The fact of the matter is, B1 functionality provides a
good base for a secure product. That's the whole reason why I like
Trusted Solaris - it does more than I've ever needed, but I've seen many
products which used different parts of its FC-B1 functionality. I'd love
to think that people choosing between NT, Linux, and BSD could have a
Trusted solution like TBSD. For that matter, I'd love to have that
choice myself. Properly configured, I think it's obvious which would
make for a more secure web server.

(Needless to say, there are loads of other potential uses. That's simply
the first that came to my mind.)

>I've worked with the Orange Book for 15 years, and the CC for about 5 years, so 
>I speak with a bit of experience!  I would love to (and hate to) help congeal 
>the CC requirements for TBSD ... it would be a fun project, but IMHO a waste of 
>time (the hate part), unless the TBSD market is better defined!

I'd be more than happy to volunteer some of my time towards translating
bits of the B1 spec into CC language. Would it be worth doing this now,
or is there some question as to what requirements we really have for
security features?

(Note that my time is somewhat limited until I've written my exams.)

Having said that, is this already underway? I only just joined this
list, and I've yet to see a "Work to be done, work that needs
volunteers" type of list floated.

Ah yes, and I have CC in PDF and PS formats (I think) at work. I might
have it in something else as well - I'll check tomorrow. 

cheers,
Michael