Adam Back wrote:
> About the criticisms of Common Critera evaluation in general, I think
> why people complain it is a documentation exercise is because pretty
> much all it does ensure that it does what it says it does.  So
> basically you have to enumerates threats, state what threats the
> system is designed to protect against, and which are out of scope.
> Then the rest of the documentation is just saying that in increasing
> detail, that you have not made mistakes in the design and
> specification and to some extent implementation.

CC has very good points. One of the best points is IMO the ST/PP concept
which encourages to think what to protect against what. And I do think
that most of the CC documents are helpful. But some, esp. these which
occupy the most paper, are IMO not worth their effort. These are the
low- and high-level design. They are meant to be the link between
specification and implementation, but I am sure that there are simpler
ways to show the link. And my experience is that these two documents do
not change the product in any way.


Matthias Bruestle, Managing Director
Phone +49 (0) 91 19 55 14 91, Fax +49 (0) 91 19 55 14 97
MaskTech GmbH, Nordostpark 16, 90411 Nuernberg, Germany

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to