NCipher Takes Hardware Security To Network Level
Anton Stiglic
astiglic at okiok.com
Fri Oct 10 10:25:19 EDT 2003
----- Original Message -----
From: "Peter Gutmann" <pgut001 at cs.auckland.ac.nz>
> [...]
>
> The problem is
> that what we really need to be able to evaluate is how committed a vendor
is
> to creating a truly secure product.
> [...]
I agree 100% with what you said. Your 3 group classification seems
accurate.
But the problem is how can people who know nothing about security evaluate
which vendor is most committed to security?
For the moment, FIPS 140 and CC type certifications seem to be the only
means
for these people... Unfortunately these are still to general and don't
always give
you an accurate measurement of how dedicated to security the vendor was...
This seems to be a big open-problem in practical security!
--Anton
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list