From jeffs@kant.ee.washington.edu Fri Jan 12 11:56:42 2001 Received: from mxu1.u.washington.edu (mxu1.u.washington.edu [140.142.32.8]) by lists.u.washington.edu (8.9.3+UW00.05/8.9.3+UW00.12) with ESMTP id LAA44334 for ; Fri, 12 Jan 2001 11:56:34 -0800 Received: from kant.ee.washington.edu (kant.ee.washington.edu [128.95.205.15]) by mxu1.u.washington.edu (8.9.3+UW00.02/8.9.3+UW99.09) with ESMTP id LAA00685; Fri, 12 Jan 2001 11:56:34 -0800 Received: from rcs.ee.washington.edu (spinoza.ee.washington.edu [128.95.205.3]) by kant.ee.washington.edu (8.9.3/RCS-2.1) with ESMTP id LAA26133; Fri, 12 Jan 2001 11:56:00 -0800 (PST) Sender: jeffs@kant.ee.washington.edu Message-ID: <3A5F6150.AF03B1EF@rcs.ee.washington.edu> Date: Fri, 12 Jan 2001 11:56:00 -0800 From: Jeff Silverman X-Mailer: Mozilla 4.74 [en] (X11; U; Linux 2.2.17 i686) X-Accept-Language: en MIME-Version: 1.0 To: Dave Dittrich CC: Michael Boer , Network System Adminstrators list , Subject: Re: NSA's Security-Enhanced Linux References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Dave Dittrich wrote: > On Fri, 12 Jan 2001, Michael Boer wrote: > > > May be of interest: http://www.nsa.gov/selinux/ > > I've been watching this, and have been meaning to comment on it as > soon as it stabilizes. > > The NSA chose, sometime last year, to work with an open source > operating system code base and to produce something they could > consider "trusted" for use by government agencies for services. > That effort was to then be given back to the open source community. > (Note that NSA is the chief US goverenment agency tasked with ensuring > the security of computing systems and applications throughout the > US government.) > > They announced an initial version of their modifications a few months > ago, and had one recent bug discovered (and patched very quickly). > This is still a "work in progress", and uses an older kernel > version than is currently being shipped by companies like Red Hat, > so take it as an experiment, not something to stick on a production > server. > > Eventually, these modifications may be accepted by the Linux > community, a commercial vendor, or security related groups, > and become a bit more main-stream. I'll try to point it out when that > occurs. I've been watching this too, having working with the NSA in the past. The effort is remarkable for a couple of reasons: 1) The US government, or at least part of the US government, is beginning to think about encryption, privacy, and security in terms of processes rather than strictly in terms of technology, which is a good thing. 2) It is remarkable that ANYTHING came out of the NSA at all. Jeff -- Jeff Silverman, sysadmin for the Research Computing Systems (RCS) University of Washington, School of Engineering, Electrical Engineering Dept. Box 352500, Seattle, WA, 98125-2500 FAX: (206) 221-5264 Phone (206) 543-9378 jeffs@rcs.ee.washington.edu http://rcs.ee.washington.edu/~jeffs .