[14605] in cryptography@c2.net mail archive
Re: NCipher Takes Hardware Security To Network Level
daemon@ATHENA.MIT.EDU (Anton Stiglic)
Sat Oct 11 09:44:50 2003
X-Original-To: cryptography@metzdowd.com
From: "Anton Stiglic" <astiglic@okiok.com>
To: "Peter Gutmann" <pgut001@cs.auckland.ac.nz>,
<cryptography@metzdowd.com>
Date: Fri, 10 Oct 2003 10:25:19 -0400
----- Original Message -----
From: "Peter Gutmann" <pgut001@cs.auckland.ac.nz>
> [...]
>
> The problem is
> that what we really need to be able to evaluate is how committed a vendor is
> to creating a truly secure product.
> [...]
I agree 100% with what you said. Your 3 group classification seems accurate.
But the problem is how can people who know nothing about security evaluate
which vendor is most committed to security?
For the moment, FIPS 140 and CC type certifications seem to be the only means
for these people... Unfortunately these are still too general and don't always
give you an accurate measurement of how dedicated to security the vendor was...
This seems to be a big open problem in practical security!
--Anton