Skip top menus
National Security Agency and Central Security Service with agency logos.NSA/CSS Memorial Wall
Home    About NSA    Research    Business    Careers    Public Info    History
Introduction to Research    Security-Enhanced Linux    Information Assurance Research    Technology Transfer    Publications    Related Links

>>SELinux Mailing List: by thread

Search
What's new?
Contents
Overview
What's New
Frequently Asked Questions
Background
Documentation
License
Download
Participating
Mail List
Archive Summary
Archive by Thread
Archive by Author
Archive by Date
Archive by Subject
Remaining Work
Contributors
Related Work
Press Releases
  • Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
From: Josh <josh_at_mercuryfs.net>
subject: not about SE linux, but relevant.
Date: Fri, 27 Jul 2001 00:13:07 -0700
  • This message: [ Message body ]
  • Next message: Sandy Harris: "Keynote URL"
  • Previous message: Eric Peters: "Re: verbose make relabel/RedHat 7.1 install"


I will not abuse being a member of this group, and intend to listen much more than speak. However, I have something that I think you will all respect
(may not agree with). This is a philosophical debate between myself and the
freenet community, which is basically a better version of Gnutella. In my opinion, they hide behind the first amendment a bit too much. They believe that true distributed security is achievable (I do not, by definition).

Tomorrow I'm having a conference call with VA Linux, to get a quote. The business plan will be ready in a month. Then funding, then code. I will talk to all of you after I have achieved these.

 -----Original Message----- 

From: 	Josh [mailto:josh@mercuryfs.net]
Sent:	Thursday, July 26, 2001 10:29 PM
To:	Freenet Developers Email List (E-mail)
Cc:	'ian@hawk.freenetproject.org'
Subject:	words of wisdom

I will not drop any more emails into the group, since I'm not a member, and do not want to be that junk mail you all get. (funny example of the open philosophy's disadvantages :) ).

The question is not weather congress or the executive is the correct method, because the answer is both, and what's important is the situation. I understand your core philosophies, because you have well published them. Unfortunately I have not, but it will happen. I have an engineering perspective to add to this, because the issues are one and the same, if you really think about it (security & philosophy). To quote you guys, its how do you deal with the "cancer nodes". With my added centralness, it's the answer. It's the white blood cells. But to say that my design is more or less secure is futile, because nothing that is secure is usable. The fundamental premise of computer security is like an ohms law tradeoff: usability, security, cost.

What I am for, is what the NSA is aiming for with SE-Linux (my chosen linux base code, irony?): to make something so secure, that not even they can break it. That way, they can use it and feel comfortable. Those that break it will want the credit of doing so. Since I'm going to have a budget to deal with, there will be rewards to entice people to enhance MFS. My hopes are that it will be the DES of file systems. Not the best in any category, but universal and good enough to get the job done. Generic and specialized are yin and yang.

You guys will appreciate the UNI ID design, and may want to consider looking it over. I may make MFS and UNI ID also use PGP, to have 2 fences guarding the property. That will be the executive and congress together. I am purposely not reading your engineering material, just as I'm not reading AFS
(but will later). I want it for the record that we are in parallel, and not
hopping over. But UNI ID is NOT MFS, so that argument doesn't apply. UNI ID was created out of necessity. Its my definition of anonymous identification.
(yes, you semantics freaks, its an oxymoron, and trademark!)

You may all view the UNI IDs figures because it's a public design. www.mercuryfs.net/design/uni_id.pdf Note that this week I'm changing all functions over to use the figure 96 method
(www.mercuryfs.net/design/fig_96.pdf ), to just begin later on in that
flowcharts process. Thus sending the UNI ID password (aka PIN number) via IPsec.

My last note is, a suggestion: should you read and understand the UNI ID design, and how it's a public/private key distribution system, and that MFS
(specifically the S0 network) does not use it in any special way, then I'd
like to propose that you all see if UNI ID may suit freenet. Because by design, both technically, legally, and philosophically, it's a and neutral separate entity. I intend to end up in Switzerland, since I can have an excuse to use the (rented, timeshared, low cost, blah blah) corporate jet, and go snowboarding. Not a partnership, but just the first user of it. In fact, if Ian is interested, we can get him to funding it? (ha!)

Oh yeah, the patent will be at www.mercuryfs.net/patent.zip, in about 20 minutes. It's a better read than my documentation, to be honest. I consider it the best summary of MFS so far. What an example of the value of attorneys, the Marine corp. of the business world.

  • josh http://www.mercuryfs.net/ a permanent caching location independent global file system 
--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
  • Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

This archive was generated by hypermail 2.2.0 on Wed 11 Jun 2008 - 08:10:53 EDT

Information Assurance | Signals & Intelligence        Links | Accessibility | Privacy & Security