[Security_sig] DCL security section early draft

Mary Edie Meredith maryedie at osdl.org
Tue Dec 14 08:36:39 PST 2004


Would it be possible for you (or others on the list) to suggest actual
wording to replace areas you find are weak?  


On Mon, 2004-12-13 at 20:33, Emily Ratliff wrote:
> Thanks Lynn and Mary for writing this document.
> 
> A few comments/questions:
> 
> "Although that approach produced a good list of security features, it
> did not guarantee anything about security for a Linux in the Data
> Center."
> This implies that the new approach does guarantee something about the
> security of Linux in the Data Center but it was not clear to me what
> is guaranteed. I think this needs to be clarified.
> 
> Is there going to be another section that describes the existing
> implementations that map to each capability/requirement?
> 
> I think that the capabilities section on application confinement needs
> to be fleshed out a little with the continuum of possibilities along
> the lines of Ed's quick overview in last week's meeting. 
> 
> I'm not clear on how certificates increase the tamper resistance of
> audit logs. It is not critical to the description but I think that it
> should either be made a little more clear or just dropped as the rest
> of the description seems strong enough to stand by itself.
> 
> Emily
> 
> Emily Ratliff
> IBM Linux Technology Center, Security
> CISSP #51839
> 512-838-0409 (T/L 678-0409)
> emilyr at us.ibm.com
> 
> 
> 
> ______________________________________________________________________
> _______________________________________________
> security_sig mailing list
> security_sig at lists.osdl.org
> http://lists.osdl.org/mailman/listinfo/security_sig
-- 
Mary Edie Meredith 
maryedie at osdl.org
503-906-1942
Open Source Development Labs




More information about the security_sig mailing list