Adam Back wrote:
> About the criticisms of Common Critera evaluation in general, I think
> why people complain it is a documentation exercise is because pretty
> much all it does ensure that it does what it says it does.  So
> basically you have to enumerates threats, state what threats the
> system is designed to protect against, and which are out of scope.
> 
> Then the rest of the documentation is just saying that in increasing
> detail, that you have not made mistakes in the design and
> specification and to some extent implementation.

CC has very good points. One of the best points is IMO the ST/PP concept
which encourages to think what to protect against what. And I do think
that most of the CC documents are helpful. But some, esp. these which
occupy the most paper, are IMO not worth their effort. These are the
low- and high-level design. They are meant to be the link between
specification and implementation, but I am sure that there are simpler
ways to show the link. And my experience is that these two documents do
not change the product in any way.

Matthias

-- 
Matthias Bruestle, Managing Director
Phone +49 (0) 91 19 55 14 91, Fax +49 (0) 91 19 55 14 97
MaskTech GmbH, Nordostpark 16, 90411 Nuernberg, Germany

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to