Path: utzoo!utgpu!watserv1!watmath!att!linac!pacific.mps.ohio-state.edu!zaphod.mps.ohio-state.edu!ncar!ico!rcd
From: rcd@ico.isc.com (Dick Dunn)
Newsgroups: comp.unix.sysv386
Subject: security levels, V.4
Message-ID: <1990Nov29.224243.2934@ico.isc.com>
Date: 29 Nov 90 22:42:43 GMT
References: <1990Nov23.182943.21094@cs.dal.ca> <2389@sixhub.UUCP> <2313@tabbs.UUCP>
Organization: Interactive Systems Corporation, Boulder, CO
Lines: 24

aris@tabbs.UUCP (Aris Stathakis) writes:
  davidsen@sixhub.UUCP (Wm E. Davidsen Jr) writes:
> >  ODT has C2 security, DV2 doesn't, but has shadow password. Both
> >companies consider this a feature. I would gladly pay another $200-300
> >for ODT with the security ripped out...

> DV2?  You mean maybe DV4? :-)  Strange.  I was under the impression
> that AT&T wouldn't let you call your product UNIX V.4 unless you had
> at least B2 security.  I could be wrong though..

B2???  No, you must be kidding.  You *don't want* B2.  (It may be required
for something you're doing, in which case you may *need* it...but even then
you won't *want* it.:-)

B2 is a higher level of security than C2.  I'll leave it to the orange-book
mavens to explain the differences; suffice it to say that if you think the
flaming you've seen in this newsgroup about C2 is hot, you ain't seen
nothin' yet.

And no, B2 is not required for V.4.  It's an option--I think MLS will take
you to the B2 level.
-- 
Dick Dunn     rcd@ico.isc.com -or- ico!rcd       Boulder, CO   (303)449-2870
   ...Mr. Natural says, "Use the right tool for the job."