Somehow I did not want to get into that discussion but honestly, isn't it
the case that all of us have a lingo that might confuse the outside world?
Therefore, pls try to be helpful in arguments. That sounds like flames!

Roland

Larry Paul wrote:
>
> I counted 60 acronyms in the first 2 pages of the functional
> requirements. (TOC) A short sample:
> FIA_AFL, TSF(FMT_MOF), FPR_ANO, FPT_ITC, TOE TSF, FRU_RSA, FTA_MCS, FAU_GEN,
> FCO_NRR, FCS_CKM, FDP_ACF, etc. etc. Someone up there must LOVE
> abbreviations.
> *-----Original Message-----
> *From: [EMAIL PROTECTED]
> *[mailto:[EMAIL PROTECTED]]On Behalf Of Marcus J. Ranum
> *Sent: Tuesday, November 28, 2000 4:43 PM
> *To: [EMAIL PROTECTED]
> *Subject: Re:
> *
> *
> *Frederick M Avolio <[EMAIL PROTECTED]> writes:
> *>Yes I encourage anyone who thinks that the Common Criteria sounds like a
> *>wonderful invention to skim at least a few of the documents
> *
> *That's cruel, Fred. That stuff's completely unreadable
> *gibberish and you know it. The only reason anyone should
> *read it is if they:
> *  a) want an example of how _not_ to convey information effectively
> *  b) are suffering from sleep disorder and wish to become unconscious
> *
> *Here's a fun common criteria story. ;) The names have been
> *left out, but the story is true <dum-dah-dum-dum> - about
> *a year after I stopped writing firewalls for a living ('95+)
> *I got a call from someone who'd been working on common criteria
> *profiles for firewalls. They worked for one of the agencies
> *that helped perpetuate the whole common criteria thing, and
> *were very seriously into the whole concept. The guy invited
> *me to review and comment on the profile for firewalls (I may
> *have some of the terminology wrong) and offered to send it.
> *At that time, I had been sharpening my fangs on ICSA's ankles,
> *and so the whole topic of certifying firewalls was "interesting"
> *to me. So I agreed.
> *Then I got this - thing - that appeared
> *to have been written in its own language. As I studied it
> *more closely, I realized that it was written entirely in
> *code - every term that was in common use had been redefined
> *into another term. In fact, the whole document appeared to
> *be the output of an extended game of gnomic. It was the most
> *amazing pile of unreadable bureaucratese - for unreadability
> *it beat Rijndael ciphertext quite easily. So I get on the
> *phone with the guy, not wanting to commit my comments to
> *E-mail and posterity:
> *  M: "Hi, this is Marcus. I've been reviewing the stuff you
> *     sent and I have a couple of questions about it."
> *  ?: "OK, sure!"
> *  M: "Alright: where's the executive summary?"
> *  ?: "Huh?"
> *  M: "You know, the 1 page summary that tells a manager
> *     what it _means_ so they don't have to read the rest?"
> *  ?: "We don't have those. That's not what this program
> *     is about!"
> *  M: "Ok, then, who do you expect to use these documents?"
> *  ?: "Security officers who are seeing if products meet the
> *     profile for deployment."
> *  M: "Oh, so you mean this is written in the language of
> *     a mysterious priesthood that nobody listens to, so that
> *     other members of the mysterious priesthood will nod
> *     sagely? Meanwhile everyone will base their product
> *     deployments on what they read in 'Data Communications'?"*
> *  ...
> *  and it went downhill from there. I fear I lost a friend.
> *
> *  The DOD-oids who are working on this formal security
> *stuff and common criteria are the most out-of-touch people
> *on earth, as far as I can tell. What good is a spec that
> *nobody can or will read? You can't even use it as a paperweight
> *because it's also paper!
> *
> *(* a great and sorely-missed journal that had some top-notch
> *product reviews that had real teeth)
> *
> *mjr.
> *-----
> *
> *Marcus J. Ranum
> *Chief Technology Officer, NFR Security, Inc.
> *Work: http://www.nfr.com
> *Personal: http://www.ranum.com
> *
> *-
> *[To unsubscribe, send mail to [EMAIL PROTECTED] with
> *"unsubscribe firewalls" in the body of the message.]
