security levels, V.4

Dick Dunn rcd at ico.isc.com
Fri Nov 30 09:42:43 AEST 1990


aris at tabbs.UUCP (Aris Stathakis) writes:
  davidsen at sixhub.UUCP (Wm E. Davidsen Jr) writes:
> >  ODT has C2 security, DV2 doesn't, but has shadow password. Both
> >companies consider this a feature. I would gladly pay another $200-300
> >for ODT with the security ripped out...

> DV2?  You mean maybe DV4? :-)  Strange.  I was under the impression
> that AT&T wouldn't let you call your product UNIX V.4 unless you had
> at least B2 security.  I could be wrong though..

B2???  No, you must be kidding.  You *don't want* B2.  (It may be required
for something you're doing, in which case you may *need* it...but even then
you won't *want* it.:-)

B2 is a higher level of security than C2.  I'll leave it to the orange-book
mavens to explain the differences; suffice it to say that if you think the
flaming you've seen in this newsgroup about C2 is hot, you ain't seen
nothin' yet.

And no, B2 is not required for V.4.  It's an option--I think MLS will take
you to the B2 level.
-- 
Dick Dunn     rcd at ico.isc.com -or- ico!rcd       Boulder, CO   (303)449-2870
   ...Mr. Natural says, "Use the right tool for the job."



More information about the Comp.unix.sysv386 mailing list