> [...]
> The problem is
> that what we really need to be able to evaluate is how committed a vendor
> to creating a truly secure product.
> [...]

I agree 100% with what you said.  Your 3 group classification seems
But the problem is how can people who know nothing about security evaluate
which vendor is most committed to security?
For the moment, FIPS 140 and CC type certifications seem to be the only
for these people...  Unfortunately these are still too general and don't
always give you an accurate measurement of how dedicated to security the
vendor was...
This seems to be a big open problem in practical security!


