[Security_sig] DCL security section early draft

Emily Ratliff emilyr at us.ibm.com
Mon Dec 13 20:33:28 PST 2004

Thanks Lynn and Mary for writing this document.

A few comments/questions:

"Although that approach produced a good list of security features,  it did
not guarantee anything about security for a Linux in the Data Center."
This implies that the new approach does guarantee something about the
security of Linux in the Data Center but it was not clear to me what is
guaranteed. I think this needs to be clarified.

Is there going to be another section that describes the existing
implementations that map to each capability/requirement?

I think that the capabilities section on application confinement needs to
be fleshed out a little with the continuum of possibilities along the lines
of Ed's quick overview in last week's meeting.

I'm not clear on how certificates increase the tamper resistance of audit
logs. It is not critical to the description but I think that it should
either be made a little more clear or just dropped as the rest of the
description seems strong enough to stand by itself.


Emily Ratliff
IBM Linux Technology Center, Security
CISSP #51839
512-838-0409 (T/L 678-0409)
emilyr at us.ibm.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.linux-foundation.org/pipermail/security_sig/attachments/20041213/57094598/attachment-0001.htm

More information about the security_sig mailing list