[cgl_discussion] Latest CGL security spec

John Cherry cherry at osdl.org
Wed Apr 20 10:52:05 PDT 2005


On Tue, 2005-04-19 at 09:03 -0700, Cihula, Joseph wrote:

> 
> Attached is the latest draft of the CGL security spec.
> 
> I believe that there are only two open issues with it: 
> 1.  There has been some debate about whether it should include
> requirements for secure default settings (it currently does not).
> While in principle I think that this is a good thing, I don't think
> that this version of the specification is appropriate for it.  This is
> the first version of the CGL security specification and it will be
> good just to get a solid set of base requirements out to the industry
> before complicating it with default settings.  

Let's give the spec a chance and keep it as simple as possible for the
first release.

> Also, this spec will be part of the CGL 3.1 release, which is just an
> incremental release (mainly to include security) and so impacting the
> rest of the specs (as the defaults would cover requirements in those
> specs as well) is probably not advised for a point release.  

It would be difficult to impact the other specifications at this point
in time.

> That said, I'm open to opinions.


> 
> 2.  SEC.3.1 Log Integrity and Origin Authentication does not have any
> PoCs that are more recently active than 2003.  It was a P1 requirement
> from the CGL 2.0 spec.  I propose that it be moved to the roadmap
> section due to lack of PoC activity.

Moving SEC.3.1 to the roadmap section should be a proposal for the f2f
meeting in Paris.  The rationale at this point in time would be that
there is no development going on with this capability.

John

> 
> (I would post a PDF version but Word can't format it correctly for
> printing--tech writer to fix).
> 
> Joseph Cihula 
> (Linux) Software Security Architect 
> Intel Corp.
> 
> *** These opinions are not necessarily those of my employer *** 
> <<cgl_v31_draft_security v08.doc>> 
> 
> _______________________________________________
> cgl_discussion mailing list
> cgl_discussion at lists.osdl.org
> http://lists.osdl.org/mailman/listinfo/cgl_discussion



