[Security_sig] [Reminder] Security SIG conf. call - 1/20

Gé Weijers Ge.Weijers at Sun.COM
Fri Jan 21 12:55:18 PST 2005


In general I agree with your comments on the CGL Security spec doc.

John Cherry wrote:

>Comments on the CGL Security Requirements Definition - v3.1

>  - Page 16 SEC.6.0 and SEC.6.1
>    SEC.6.1 is the only subrequirement for SEC.6.0.  Should we combine
>    them?
A requirement for SSL/TLS support is missing completely, so I've split 
this up into three parts:

- support for applications requiring processing for certificates (e.g. 
mail readers)
- support for applications requiring SSL/TLS
- support for CA

>  - Page 16 SEC.7.0 and SEC.7.1
>    Same thing.  Should we combine them?
I've added the requirement that the system support virtual memory limits 
on processes, to avoid DoS attacks.

>  - Page 18 Appendices
>    References are redundant to those at the beginning of the document
>    and the ones in A.2 do not appear to be security related.
Removed the whole section for now.

I'll upload the new version to the groups.osdl.org once I distill a PDF 


Gé Weijers                          mailto:ge.weijers at sun.com
Linux Software Engineering          Direct/Fax: (877)240-7611
Sun Microsystems, Inc.              x69536 (Sun)
=== Expressed opinions are my own, I do not speak for Sun ===
