[cgl_discussion] Latest CGL security spec
cherry at osdl.org
Wed Apr 20 10:52:05 PDT 2005
On Tue, 2005-04-19 at 09:03 -0700, Cihula, Joseph wrote:
> Attached is the latest draft of the CGL security spec.
> I believe that there are only two open issues with it:
> 1. There has been some debate about whether it should include
> requirements for secure default settings (it currently does not).
> While in principle I think that this is a good thing, I don't think
> that this version of the specification is appropriate for it. This is
> the first version of the CGL security specification and it will be
> good just to get a solid set of base requirements out to the industry
> before complicating it with default settings.
Let's give the spec a chance and keep it as simple as possible for the
> Also, this spec will be part of the CGL 3.1 release, which is just an
> incremental release (mainly to include security) and so impacting the
> rest of the specs (as the defaults would cover requirements in those
> specs as well) is probably not advised for a point release.
It would be difficult to impact the other specifications at this point
> That said, I'm open to opinions.
> 2. SEC.3.1 Log Integrity and Origin Authentication does not have any
> PoCs that are more recently active than 2003. It was a P1 requirement
> from the CGL 2.0 spec. I propose that it be moved to the roadmap
> section due to lack of PoC activity.
Moving SEC.3.1 to the roadmap section should be a proposal for the f2f
meeting in Paris. The rationale at this point in time would be that
there is no development going on with this capability.
> (I would post a PDF version but Word can't format it correctly for
> printing--tech writer to fix).
> Joseph Cihula
> (Linux) Software Security Architect
> Intel Corp.
> *** These opinions are not necessarily those of my employer ***
> <<cgl_v31_draft_security v08.doc>>
> cgl_discussion mailing list
> cgl_discussion at lists.osdl.org
More information about the cgl_discussion